Useful Check Point Commands

Useful Check Point Commands

checkpoint command to check serial number

checkpoint command line cheat sheet

Command                  Description 

cpconfig  =    change SIC, licenses and more

cpview -t    =    show top style performance counters

cphaprob stat  = list the state of the high availability cluster members. Should show                                             active and standby devices.

cphaprob -a if  = display status of monitored interfaces in a cluster

cphaprob -l list    =display registered cluster devices and status

cphaprob syncstat =display sync transport layer statistics

cphaprob ldstat = display sync serialization statistics

cphastop   = stop a cluster member from passing traffic. Stops synchronization.                                            (emergency only)

clusterXL_admin down –p = disable this node from cluster membership

cphaconf cluster_id get = get cluster Global ID membership

cplic print   = license information

cpstart  = start all checkpoint services

cpstat fw   = show policy name, policy install time and interface table

cpstat ha    = high availability state

cpstat blades=  top rule hits and amount of connections

cpstat os -f   = all checkpoint interface table, routing table, version, memory status, cpu                                 load, disk space

cpstat os -f cpu = checkpoint cpu status

cpstat os -f multi_cpu = checkpoint cpu load distribution

cpstat os -f sensors    =  hardware environment (temperature/fan/voltage)

cpstat os -f routing =  checkpoint routing table

cpstop = stop all checkpoint services

cpwd_admin monitor_list = list processes actively monitored. Firewall should contain cpd                                                     and vpnd.

 show asset all =  show serial numbers and hardware info

show route destination xx.xx.xx.xx = show routing for specific host

ip route get xx.xx.xx.xx =   show routing for specific host

iclid / show cluster state = show cluster fail over history