Contents/Index/Search Download Complete PDF Send Feedback Print This Page

Previous

Next

Command Line Interface

Related Topics

QoS Commands

Setup

fgate Menu

Control

Monitor

Utilities

QoS Commands

QoS Command Names

QOS Command

Description

etmstart

Starts QoS

etmstop

Stops QoS

fgd50

QoS daemon

Setup

cpstart and cpstop

Generally, to stop and start the QoS gateway you are required to stop the
Firewall using the cpstop and cpstart commands. In the event that you would like to stop the QoS gateway only, you can use the QoS specific etmstart and etmstop commands. For more on cpstop and cpstart, see the R77 Security Management Administration Guide.

etmstart

etmstart loads the QoS gateway, starts the QoS daemon (fgd50), and retrieves the last policy that was installed on the QoS gateway.

etmstop

etmstop kills the QoS daemon (fgd50) and then unloads the QoS policy and gateway.

fgate Menu

The following menu is displayed when typing fgate from the command line.

Control

fgate

The fgate program is used to manage QoS. Its specific action is determined by the first command line argument, as described in the following sections:

fgate load

fgate load runs a verifier on the policy file. If the policy file is valid, fgate compiles and installs a QoS Policy to the specified QoS gateways. It can only be run from the Security Management Server.

  1. Syntax

fgate load <rule-file.F> [targets]

If targets is not specified, the QoS Policy is installed on the local host.

fgate unload

fgate unload uninstalls a QoS Policy from the specified QoS gateways. It can only be run from both the Security Management Server and localhost.

  1. Syntax

fgate unload [targets]

If targets is not specified, the QoS Policy is uninstalled from the local host.

fgate fetch

fgate fetch retrieves the QoS Policy that was last installed on the local host. You must specify the machine where the QoS Policy is found. Use "localhost" in case there is no Security Management Server or if the Security Management Server is down. You may specify a list of Security Management Servers, which will be searched in the order listed.

fgate fetch -f attempts to retrieve policies from all management stations, one after the other until it succeeds. If the gateway fails to retrieve a policy from a Security Management Server, it tries to retrieve one from itself.

Syntax

fgate fetch [-f | servers]

Examples

fgate fetch localhost

fgate fetch -f

fgate fetch mgmt_server_name

Monitor

fgate stat

fgate stat displays the status of target hosts in various formats. If this command is launched from a Security Management Server, it can be run on an array of gateways. If this command is launched from a gateway, the status of the gateway is returned.

Usage

fgate stat [targets] 

The default format displays the following information for each host: product, version, build number, policy name (Express or Traditional), install time and interfaces number.

If no target is specified, the status of localhost is shown. Example:

fgate stat 

Examples

fgate stat

fgate stat gateway1 gateway2 

fgate ver

fgate ver displays the QoS version number. If the -k option is included, both the kernel version build number and QoS executable version build number are returned. Without the -k, only the QoS executable version is specified.

Syntax
fgate ver [-k] 

Utilities

fgate log

fgate log turns logging on or off in the kernel. It can be used in order to save resources without reinstalling your QoS policy. The stat option returns the current state of logging.

Syntax

fgate log < on | off | stat >

By default, fgate log is turned on.

fgate ctl

fgate ctl sends control information to the QoS kernel gateway.

Syntax
fgate ctl etmreg 

Parameter

Meaning

etmreg

etmreg is for Unix platforms only. fgate ctl turns on or off the QoS kernel.

fgate debug

fgate debug turns on a debug flag which sends additional debugging information to the fgd log file: $FGDIR/log/fgd.elg. The default is off.

Syntax
fgate debug < on | off > 

fgate kill

fgate kill sends a signal to a QoS daemon. The Security Management Server does not run the QoS daemon therefore this command is valid only on gateways.

Syntax
fgate kill [-t sig_no] proc-name 

Parameter

Meaning

[-t sig_no] proc-name

If the file $FWDIR/tmp/<proc-name>.pid exists, send sig_no to the PID in the file.

If no signal is specified, signal 15 (sigterm) is sent.

The QoS daemon writes the PIDs to files in the log directory upon startup. These files are named $FWDIR/tmp/<daemon_name>.pid. For example, the file containing the PID of the QoS SNMP daemon is $FWDIR/log/snmpd.pid.

Examples

The following command:

fgate kill fgd

sends signal 15 to the QoS fgd daemon.

The following command:

 fgate kill -t 1 fgd

sends signal 1 to the QoS fgd daemon.

 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print