The following command line commands relate to the Security Management server and are documented in the R77 Command Line Interface Reference Guide.
| Command | Description |
|---|---|
| cpca_client | This command and all its derivatives are used to execute operations on the ICA. |
| cpca_client create_cert | This command prompts the ICA to issue a SIC certificate for the Security Management server. |
| cpca_client revoke_cert | This command is used to revoke a certificate issued by the ICA. |
| cpca_client set_mgmt_tools | This command is used to invoke or terminate the ICA Management Tool. |
| cpconfig | This command is used to run a Command Line version of the Check Point Configuration Tool. This tool is used to configure/reconfigure a Check Point installation. |
| cplic | This command and all its derivatives relate to the subject of Check Point license management. All cplic commands are located in $CPRID/bin. |
| cplic check | Use this command to check whether the license on the local machine will allow a given feature to be used. |
| cplic db_add | The cplic db_add command is used to add one or more licenses to the license repository on the Security Management server. When local licenses are added to the license repository, they are automatically attached to their intended Security Gateway; central licenses need to undergo the attachment process. |
| cplic db_print | The cplic db_print command displays the details of Check Point licenses stored in the license repository on the Security Management server. |
| cplic db_rm | The cplic db_rm command removes a license from the license repository on the Security Management server. It can be executed ONLY after the license was detached using the cplic del command. Once the license has been removed from the repository, it can no longer be used. |
| cplic del | Use this command to delete a single Check Point license on a host, including unwanted evaluation, expired, and other licenses. This command is used for both local and remote machines. |
| cplic del <object name> | Use this command to detach a Central license from a Security Gateway. When this command is executed, the License Repository is automatically updated. The Central license remains in the repository as an unattached license. This command can be executed only on a Security Management server. |
| cplic get | The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management server. Do this to synchronize the repository with the Security Gateway (or with all the Security Gateways). When the command is run, all local changes will be updated. |
| cplic put | The cplic put command is used to install one or more Local licenses on a local machine. |
| cplic put <object name> ... | Use the cplic put command to attach one or more central or local licenses remotely. When this command is executed, the License Repository is also updated. |
| cplic print | The cplic print command (located in $CPDIR/bin) prints details of Check Point licenses on the local machine. |
| cplic upgrade | Use the cplic upgrade command to upgrade licenses in the license repository using licenses in a license file obtained from the User Center. |
| cp_merge | This utility has two main functionalities: export and import of policy packages, and merge of objects from a given file into the Security Management server database. |
| cp_merge delete_policy | This command provides the options of deleting an existing policy package. Note that the default policy can be deleted by the delete action. |
| cp_merge export_policy | This command provides the options of leaving the policy package in the active repository, or deleting it as part of the export process. The default policy cannot be deleted during the export action. |
| cp_merge import_policy | This command provides the options to overwrite an existing policy package with the same name, or prevent overwriting when the same policy name already exists. |
| cp_merge list_policy | This command lists the Policy Packages that are available. |
| cppkg | This command is used to manage the Package Repository. It is always executed on the Security Management server. |
| cppkg add | The cppkg add command is used to add a package to the Package Repository. Only packages can be added to the Package Repository. |
| cppkg delete | The command is used to delete a package from the Package Repository. To delete a package you must specify a number of options. To see the format of the options and to view the contents of the Package Repository, use the cppkg print command. |
| cppkg get | This command synchronizes the Package Repository database with the content of the actual Package Repository under $SUROOT. |
| cppkg getroot | The command is used to find out the location of the Package Repository. The default Package Repository location on Windows machines is C:\SUroot. On UNIX it is /var/SUroot. |
| cppkg print | The command is used to list the contents of the Package Repository. |
| cppkg setroot | The command is used to create a new repository root directory location, and to move existing packages into the new Package Repository. |
| cpridrestart | Stops and starts the Check Point Remote installation Daemon (cprid). This is the daemon that is used for remote upgrade and installation of products. It is part of the SVN Foundation. In Windows it is a service. |
| cpridstart | Starts the Check Point Remote installation Daemon (cprid). This is the service that allows for the remote upgrade and installation of products. It is part of the SVN Foundation. In Windows it is a service. |
| cpridstop | Stops the Check Point Remote installation Daemon (cprid). This is the service that allows for the remote upgrade and installation of products. It is part of the SVN Foundation. In Windows it is a service. |
| cprinstall | Use cprinstall commands to perform remote installation of packages, and associated operations. |
| cprinstall boot | This command is used to boot the remote computer. |
| cprinstall cprestart | This command enables cprestart to be run remotely. |
| cprinstall cpstart | This command enables cpstart to be run remotely. |
| cprinstall cpstop | This command enables cpstop to be run remotely. |
| cprinstall get | The cprinstall get command is used to obtain details of the packages and the Operating System installed on the specified Security Gateway, and to update the database. |
| cprinstall install | The cprinstall install command is used to install Check Point packages, UTM-1 Edge firmware packages, OPSEC partner packages (SU compliant) and Check Point IPSO images on remote Security Gateways. To install a package you must specify a number of options. Use the cppkg print command and copy the required options. |
| cprinstall uninstall | The cprinstall uninstall command is used to uninstall Check Point packages, UTM-1 Edge firmware packages, OPSEC partner packages (SU compliant) and Check Point IPSO images on remote Security Gateways. To uninstall a package you must specify a number of options. Use the cprinstall get command and copy the required options. |
| cprinstall verify | The cprinstall verify command is used to verify: |
| cpstart | This command is used to start all Check Point processes and applications running on a machine. |
| cpstat | cpstat displays the status of Check Point applications, either on the local machine or on another machine, in various formats. |
| cpstop | This command is used to terminate all Check Point processes and applications running on a machine. |
| cpwd_admin | cpwd (also known as WatchDog) is a process that invokes and monitors critical processes such as Check Point daemons on the local machine, and attempts to restart them if they fail. Among the processes monitored by Watchdog are cpd, fwd, fwm. cpwd is part of the SVN Foundation. cpwd writes monitoring information to the $CPDIR/log/cpwd.elg log file. In addition, monitoring information is written to the console on UNIX platforms, and to the Windows Event Viewer. The cpwd_admin utility is used to show the status of processes, and to configure cpwd. |
| cpwd_admin config | This command is used to set cpwd configuration parameters. When parameters are changed, these changes do not take effect until cpwd has been stopped and restarted. |
| cpwd_admin exist | This command is used to check whether cpwd is alive. |
| cpwd_admin kill | This command is used to kill cpwd. |
| cpwd_admin list | This command is used to print a status of the selected processes being monitored by cpwd. |
| cpwd_admin monitor_list | This command is used to print the list of processes actively being monitored. |
| cpwd_admin start | Start a new process by cpwd. |
| cpwd_admin start_monitor | This command is used to start continuous monitoring on this machine. |
| cpwd_admin stop | Stop a process which is being monitored by cpwd. |
| cpwd_admin stop_monitor | This command is used to stop continuous monitoring on this machine. |
| dbedit | This command is used by administrators to edit the objects file on the Security Management server. There is an objects file on the gateway and a file, objects_5_0.C, on the Security Management server. A new objects.C file is created on the gateway (based on the objects_5_0.C on the Security Management server) whenever a Policy is installed. Editing the objects.C file on the gateway is not required or desirable, since it will be overwritten the next time a Policy is installed. |
| DBTableStat | This utility provides a daily summary of the number of log records that match the consolidation rules, and the number of consolidated records that were stored in the specified database table. The format of the output is a comma separated value. The execution time of this utility depends on the number of records in the SmartReporter table. |
| dbver | The dbver utility is used to export and import different revisions of the database. The properties of the revisions (last time created, administrator responsible for, etc.) can be reviewed. The utility can be found in $FWDIR/bin. |
| dbver create | Create a revision from the current state of $fwdir/conf, including current objects, rule bases, etc. |
| dbver export | Archive the revision as an archive file in the revisions repository: $fwdir/conf/db_versions/export. |
| dbver import | Add an exported revision to the repository from $fwdir/conf/db_versions/export. Give the filename of the revision as input. |
| dbver print | Print the properties of the revision. |
| dbver print_all | Print the properties of all revisions to be found on the server side: $fwdir/conf/db_versions. |
| dynamic_objects | dynamic_objects specifies an IP address to which the dynamic object will be resolved on this machine. |
| fw | The fw commands are used for working with various aspects of the firewall component of the Security Gateway. All fw commands are executed on the gateway. Typing fw at the command prompt sends a list of available fw commands to the standard output. |
| fw ctl | The fw ctl command controls the Security Gateway kernel. |
| fw expdate | This command is used to modify the expiration date of all users and administrators. |
| fw fetch | This command fetches the Inspection Code from the specified host and installs it to the kernel. |
| fw fetchlogs | fw fetchlogs fetches Log Files from a remote machine. You can use the fw fetchlogs command to transfer Log Files to the machine on which the fw fetchlogs command is executed. The Log Files are read from and written to the directory $FWDIR/log. |
| fw hastat | The fw hastat command displays information about High Availability machines and their states. |
| fw kill | This command prompts the kernel to shut down all the daemon processes in the firewall component of the Security Gateway. The command is located in the $FWDIR/bin directory on the Security Management server or gateway. The Security Gateway daemons and Security Servers write their pids to files in the $FWDIR/tmp directory upon startup. These files are named $FWDIR/tmp/daemon_name.pid. For example, the file containing the pid of the Security Gateway snmp daemon is $FWDIR/tmp/snmpd.pid. |
| fw lea_notify | This command should be run from the Security Management server. It sends a LEA_COL_LOGS event to all connected lea clients (see the LEA Specification documentation). It should be used after new log files have been imported (manually or automatically) to the $FWDIR/log directory in order to avoid the scheduled update which takes 30 minutes. |
| fw lichosts | This command prints a list of hosts protected by the Security Gateways. The list of hosts is in the file $fwdir/database/fwd.h. |
| fw log | fw log displays the content of Log files. |
| fw logswitch | fw logswitch creates a new active Log File. The current active Log File is closed and renamed, by default to $FWDIR/log/current_time_stamp.log, unless you define an alternative name that is unique. The format of the default name current_time_stamp.log is YYYY-MM-DD_HHMMSS.log. For example: 2003-03-26_041200.log |
| fw mergefiles | This command merges several Log Files into a single Log File. The merged file can be sorted according to the creation time of the Log entries, and the times can be "fixed" according to the time zones of the origin Log Servers. When the combined size exceeds 2GB, the merge creates a list of "merged files" where each file size is not more than 2GB. The user receives the following warning: "Warning: The size of the files you have chosen to merge is greater than 2GB. The merge will produce two or more files." The file names will be: [Requested name].log, [Requested name]_1.log, [Requested name]_2.log, ..., [Requested name]_n.log. Log entries with the same Unique-ID are unified. If a Log switch was performed before all the segments of a specific log were received, this command will merge the records with the same Unique-ID from two different files into one fully detailed record. |
| fw lslogs | This command displays a list of Log Files residing on a remote or local machine. You must initialize SIC between the Security Management server and the remote machine. |
| fw putkey | This command installs an authentication password on a host. This password is used to authenticate internal communications between Check Point Security Gateways and between a Check Point Security Gateway and its Security Management server. A password is used to authenticate the control channel the first time communication is established. This command is required for backward compatibility scenarios. |
| fw repairlog | fw repairlog rebuilds a Log file's pointer files. The three files name.logptr, name.loginitial_ptr and name.logaccount_ptr are recreated from data in the specified Log file. The Log file itself is modified only if the -u flag is specified. |
| fw sam | This command is used to manage the Suspicious Activity Monitoring (SAM) server. Use the SAM server to block connections to and from IP addresses without the need to change the Security Policy. SAM commands are logged. Use this command to (also) monitor active SAM requests (see -M option). To configure the SAM Server on the Security Management server or firewall gateway machine, use SmartDashboard to edit the Advanced > SAM page of the Security Gateway object. |
| fwm | This command is used to perform Security Management server operations. It controls fwd and all Check Point daemons. |
| fwm dbimport | fwm dbimport imports users into the Security Management server User Database from an external file. You can create this file yourself, or use a file generated by fwm dbexport. |
| fwm dbexport | fwm dbexport exports the Security Management server User Database to a file. The file may be in one of the following formats: the same usage as the import file for fwm dbimport; or LDIF format, which can be imported into an LDAP Server using ldapmodify. |
| fwm dbload | This command downloads the user database and network objects information to selected targets. If no target is specified, then the database is downloaded to localhost. |
| fwm ikecrypt | The fwm ikecrypt command line encrypts the password of a SecuRemote user using IKE. The resulting string must then be stored in the LDAP database. |
| fwm load | This command compiles and installs a Security Policy or a specific version of the Security Policy on the target's VPN Security Gateways. This is done in one of two ways: (1) fwm load compiles and installs an Inspection Script (*.pf) file on the designated Security Gateways; (2) fwm load converts a Rule Base (*.W) file created by the GUI into an Inspection Script (*.pf) file, then installs it to the designated Security Gateways. Versions of the Security Policy and databases are maintained in a version repository on the Security Management server. Using this command, specific versions of the Security Policy can be installed on a Security Gateway (local or remote) without changing the definition of the current active database version on the Security Management server. To protect a target, you must load a Policy that contains rules whose scope matches the target. If none of the rules are enforced on the target, then all traffic through the target is blocked. |
| fwm lock_admin | This command enables you to view and unlock locked administrators. |
| fwm logexport | fwm logexport exports the Log file to an ASCII file. |
| fwm unload <targets> | This command uninstalls the currently loaded Inspection Code from selected targets. |
| fwm ver | fwm ver displays the build number. |
| fwm verify <policy-name> | This command verifies the specified Policy Package without installing it. |
| GeneratorApp | This command generates a report for the SmartReporter. Both command line parameters are required. |
| inet_alert | This command notifies a company's Internet Service Provider (ISP) when the company's corporate network is under attack. The inet_alert utility forwards log messages generated by the alert daemon to an external Security Management server, typically located at the ISP site. The ISP can then analyze the alert and decide how to react. inet_alert uses the ELA Protocol to send the alert. The Security Management server receiving the alert must be running the ELA Proxy. If communication with the ELA Proxy is to be authenticated or encrypted, a key exchange must be performed between the Security Management server running the ELA Proxy and the gateway generating the alert. To use this utility, enter it into a script. Then, in Global Properties > Logs and alert > alert commands, enter the name of the script. |
| ldapcmd | ldapcmd is used to manage processes running on the firewall collectively or individually. It includes: Cache: cache operations, such as emptying the cache, as well as providing debug information. Statistics: lookup statistics such as all user search, pending lookups (when two or more lookups are identical) and total lookup time (the total search time for a specific lookup), and cache statistics such as hits and misses. Logging: view the alert and warning log regarding debug. |
| ldapcompare | ldapcompare is used to perform compare queries that print a message stating whether the result returned a match or not. ldapcompare opens a connection to an LDAP directory server, binds, and performs the comparison specified on the command line or from a specified file. |
| ldapconvert | ldapconvert is a utility program to port from Member mode to MemberOf mode. This is done by searching all specified group/template entries and fetching their Member attribute values. Each value is the DN of a member entry. The entry identified by this DN will be added to the MemberOf attribute value of the group/template DN at hand. In addition, those Member attribute values will be deleted from the group/template unless Both mode is specified. While running the program, a log file named ldapconvert.log is generated in the current directory, logging all modifications done and errors encountered. |
| ldapmodify | ldapmodify imports users to an LDAP server. The input file must be in the LDIF format. |
| ldapsearch | ldapsearch queries an LDAP directory and returns the results. |
| log_export | log_export is a utility that allows you to transfer Log data to an external database. This utility behaves as a LEA client. LEA (Log Export API) enables Security Gateway log data to be exported to third-party applications. log_export receives the Logs from the Security Management server via LEA so it can be run from any host that has a SIC connection with the Security Management server and is defined as an OPSEC host. log_export should be defined as a reporting Security Gateway in order to act in a distributed environment. To run log_export, you need a basic understanding and a working knowledge of Oracle database administration and LEA. |
| queryDB_util | queryDB_util enables searching the object database according to search parameters. |
| rs_db_tool | rs_db_tool is used to manage DAIP Modules in a DAIP database. |
| sam_alert | This tool executes Check Point SAM (Suspicious Activity Monitoring) actions according to information received through Standard input. This tool is for executing SAM actions with the Check Point User Defined alerts mechanism. |