Friday, April 22, 2016

Check Point Command Line Interface (CLI)

Check Point Gaia is the next generation Secure Operating System for all Check Point appliances and open servers. Gaia combines the best features from IPSO and Secure Platform (SPLAT) into a single unified OS providing greater efficiency and robust performance. With the support of the full suite of Software Blades, customers will benefit from improved connection capacity and the full breadth and power of Check Point security technologies by adopting Gaia.

Gaia simplifies and strengthens management with segregation of duties by enabling role-based administrative access. Furthermore, Gaia greatly increases operational efficiency by offering Intelligent Software Updates. Security management is made simple with the intuitive and feature-rich web-based user interface and instant search for all commands and properties. Gaia is fully compatible with IPSO and SPLAT command line interface (CLI) commands, making it an easy transition from existing Check Point operating platforms.



There's a complete R77 CLI Reference Guide on Check Point's website. The Security Gateway prompt starts in CLISH (the Gaia shell). Type the expert command to enter expert mode (the bash shell), but you'll need to set a password first with the set expert-password command.



To capture traffic on an interface use the tcpdump -i <ethx> command; press Ctrl+C to stop the capture.



To check an interface's configuration and traffic counters use the ifconfig <ethx> command.



To see a summary of the interfaces and their IP addresses use the fw getifs command.


To configure interface settings use the set interface <ethx> command.



To check the Layer 2 ARP table use the arp -a command.



To check the Layer 3 routing table use the netstat -r command.
 


To check the policy applied and when it was pushed use the fw stat command.
 


To check the system uptime use the show uptime command.



To check the OS version use the show version all, fw ver and cpstat os commands.





On the Security Management Server (SMS) use the show users command to check the configured local users. To add a new user use the add user <USER> <USER-ID> homedir <USER-DIRECTORY> command, then the set user <USER> newpass <PASSWORD> command to set the password.



To delete a user, simply use the delete user <USER> command.



To create a backup of the policy package use the add backup local command. I can’t perform a backup since the SmartDashboard is open. Use the show backup status command to check backup status.
 


To check the directory holding policy package backups, you need to be in expert mode (the bash shell). To restore a policy package backup use the set backup restore local command and then reboot from CLISH.




To perform database revision control from the CLI use the dbver command in expert mode. To create a new database version use the create command; it will ask you to close SmartDashboard if it is currently in use. To view all database versions use the print_all command.





To view the firewall log directory use cd $FWDIR/log and ls -l *.log. To manually switch the log file use the fw logswitch command.



To get the Secure Internal Communication (SIC) status use the cp_conf sic state command.



To troubleshoot and re-initialize SIC on a Security Gateway use the cpconfig command; press 1 to check licenses and contracts, and press 5 for Secure Internal Communication.





If SIC couldn't be established, re-initialize it on the Security Gateway.






To check current licenses and their expiration, use the cplic print and cplic check <LICENSE-TYPE> commands.



To inspect NAT translation and perform a packet capture (.pcap) use the fw monitor command.



To enable SNMP daemon, use the cpconfig command.
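Several of the checks above (uptime, version, installed policy, SIC state, licenses, interfaces, routes) are the ones an operator wants in one place when a gateway misbehaves. The script below is an added example, not code from the original post or from Check Point; it assumes it is run from the expert (bash) shell on Gaia, that `clish -c` is available there to run CLISH-only commands such as show uptime, and it reports any command that is absent or fails rather than aborting, so it also runs (with everything reported missing) on a non-Gaia host.

```shell
#!/bin/bash
# Added example (not from the original post): collect a quick health
# snapshot of a Gaia gateway from expert mode using the commands covered
# above. Assumption: `clish -c` runs CLISH commands from the bash shell.
# Any command that is missing or fails is reported instead of aborting.

# Run one check. $1 is a label, the rest is the command and its arguments.
# Returns 0 only when the command exists and exits successfully.
snapshot_section() {
    local label="$1"; shift
    printf '=== %s: %s ===\n' "$label" "$*"
    if ! command -v "$1" >/dev/null 2>&1; then
        printf 'missing: %s\n' "$1"
        return 1
    fi
    "$@" 2>&1
}

# Run all checks; the return value is the number that were missing or failed.
gateway_snapshot() {
    local failed=0
    snapshot_section "Uptime"           clish -c "show uptime"      || failed=$((failed + 1))
    snapshot_section "OS version"       clish -c "show version all" || failed=$((failed + 1))
    snapshot_section "Installed policy" fw stat                     || failed=$((failed + 1))
    snapshot_section "SIC state"        cp_conf sic state           || failed=$((failed + 1))
    snapshot_section "Licenses"         cplic print                 || failed=$((failed + 1))
    snapshot_section "Interfaces"       fw getifs                   || failed=$((failed + 1))
    # -n avoids DNS lookups for route entries, which can stall on a box
    # whose resolver is part of the problem being diagnosed.
    snapshot_section "Routing table"    netstat -rn                 || failed=$((failed + 1))
    printf '=== %d check(s) missing or failed ===\n' "$failed"
    return "$failed"
}

# Usage from expert mode, keeping a dated copy to diff against later:
#   ./gw-snapshot.sh > "gw-snapshot-$(date +%Y%m%d-%H%M%S).txt"
```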


