Check Point Commands

Check Point commands generally come under cp (general), fw (firewall), and fwm (management).

   Check Point Gaia commands can be found here.

CP, FW & FWM

cphaprob statList cluster status
cphaprob -a ifList status of interfaces
cphaprob syncstatshows the sync status
cphaprob listShows a status in list form
cphastart/stopStops clustering on the specfic node
cp_conf sicSIC stuff
cpconfigconfig util
cplic printprints the license
cprestartRestarts all Check Point Services
cpstartStarts all Check Point Services
cpstopStops all Check Point Services
cpstop -fwflag -procStops all checkpoint Services but keeps policy active in kernel
cpwd_admin listList checkpoint processes
cplic printPrint all the licensing information.
cpstat -f all polsrvShow VPN Policy Server Stats
cpstatShows the status of the firewall
fw tab -t sam_blocked_ipsBlock IPS via SmartTracker
fw tab -t connections -sShow connection stats
fw tab -t connections -fShow connections with IP instead of HEX
fw tab -t fwx_alloc -fShow fwx_alloc with IP instead of HEX
fw tab -t peers_count -sShows VPN stats
fw tab -t userc_users -sShows VPN stats
fw checklicCheck license details
fw ctl get int [global kernel parameter]Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter]  [value]Sets the current value of a global keneral parameter. Only Temp ; Cleared after reboot.
fw ctl arpShows arp table
fw ctl installInstall hosts internal interfaces
fw ctl ip_forwardingControl IP forwarding
fw ctl pstatSystem Resource stats
fw ctl uninstallUninstall hosts internal interfaces
fw exportlog .oExport current log file to ascii file
fw fetchFetch security policy and install
fw fetch localhostInstalls (on gateway) the last installed policy.
fw hastatShows Cluster statistics
fw lichostsDisplay protected hosts
fw log -fTail the current log file
fw log -s -eRetrieve logs between times
fw logswitchRotate current log file
fw lslogsDisplay remote machine log-file list
fw monitorPacket sniffer
fw printlic -pPrint current Firewall modules
fw printlicPrint current license details
fw putkeyInstall authenication key onto host
fw stat -lLong stat list, shows which policies are installed
fw stat -sShort stat list, shows which policies are installed
fw unloadlocalUnload policy
fw ver -kReturns version, patch info and Kernal info
fwstartStarts the firewall
fwstopStop the firewall
fwm lock_admin -vView locked admin accounts
fwm dbexport -f user.txtused to export users , can also use dbimport
fwm_startstarts the management processes
fwm -pPrint a list of Admin users
fwm -aAdds an Admin
fwm -rDelete an administrator

Provider 1

mdsenv [cma name]Sets the mds environment
mcdChanges your directory to that of the environment.
mds_setupTo setup MDS Servers
mdsconfigAlternative to cpconfig for MDS servers
mdsstatTo see the processes status
mdsstart_customer [cma name]To start cma
mdsstop_customer [cma name]To stop cma
cma_migrateTo migrate an Smart center server to CMA
cmamigrate_assistIf you dont want to go through the pain of tar/zip/ftp and if you wish to enable FTP on Smart center server

VPN

vpn tuVPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail‏Verifies the ipassignment.conf file
dtps licshow desktop policy license status
cpstat -f all polsrvshow status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]show Phase 2 SA
vpn shell show interface detailed [VTI name]show VTI detail

Debugging

fw ctl zdebug dropshows dropped packets in realtime / gives reason for drop

SPLAT Only

routerEnters router mode for use on Secure Platform Pro for advanced routing options
patch add cdAllows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backupAllows you to preform a system operating system backup
restoreAllows you to restore your backup
snapshotPerforms a system backup which includes all Check Point binaries. Note : This issues a cpstop.

VSX

vsx get [vsys name/id]get the current context
vsx set [vsys name/id]set your context
fw -vs [vsys id] getifsshow the interfaces for a virtual device
fw vsx stat -lshows a list of the virtual devices and installed policies
fw vsx stat -vshows a list of the virtual devices and installed policies (verbose)
reset_gwresets the gateway, clearing all previous virtual devices and settings.
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial