fw

Description

Fetches and unloads Threat Prevention policy.
Controls the Firewall module.
Generates the Default Filter policy files.
Fetches the policy from the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., peer Cluster Member Security Gateway that is part of a cluster., or local directory.
Fetches the specified Security or Audit log files from the specified Check Point computer.
Shows the list of interfaces and their IP addresses.
Shows information about Check Point computers in High Availability A redundant cluster mode, where only one Cluster Member (Active member) processes all the traffic, while other Cluster Members (Standby members) are ready to be promoted to Active state if the current Active member fails. In the High Availability mode, the Cluster Virtual IP address (that represents the cluster on that network) is associated: (1) With physical MAC Address of Active member (2) With virtual MAC Address. Synonym: Active/Standby. Acronym: HA. configuration and their states.
Controls ISP links in ISP Redundancy configuration.
Kills the specified Check Point processes.
Shows a list of hosts protected by the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..
Shows the content of Check Point log files.
Switches the current active State of a Cluster Member that is fully operational: (1) In ClusterXL, this applies to the state of the Security Gateway component (2) In 3rd-party / OPSEC cluster, this applies to the state of the cluster State Synchronization mechanism. log file.
Shows a list of Security or Audit log files.
Merges several input log files into a single log file.
Runs FW Monitor to capture the traffic that passes through the Security Gateway.
Rebuilds pointer files for Security or Audit log files.
Manages the Suspicious Activity Monitoring (SAM) rules.
Manages the Suspicious Activity Policy editor.
Shows the contents of the Unified Policy kernel tables.
Shows the currently installed policy.
Shows and deletes the contents of the specified kernel tables.
Executes the offline Unified Policy.
Removes all policies from the Security Gateway or Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Member.
Shows the Security Gateway major and minor version number and build number.

Syntax

fw [-d] [-i]

amw <options>

ctl <options>

defaultgen

fetch <options>

fetchlogs <options>

getifs

hastat <options>

isp_link <options>

kill <options>

lichosts <options>

log <options>

logswitch <options>

lslogs <options>

mergefiles <options>

repairlog <options>

sam <options>

sam_policy <options>

showuptables <options>

stat

tab <options>

unloadlocal

up_execute <options>

ver <options>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-i

Specifies the CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instance.

See fw -i.

amw <options>

Fetches and unloads Threat Prevention policy.

See fw amw.

ctl

Controls the Firewall module.

See fw ctl.

defaultgen

Generates the Default Filter policy files.

See fw defaultgen.

fetch <options>

Fetches the policy from the Management Server, peer Cluster Member, or local directory.

See fw fetch.

fetchlogs <options>

Fetches the specified Security log files ($FWDIR/log/*.log*) or Audit log files ($FWDIR/log/*.adtlog*) from the specified Check Point computer.

See fw fetchlogs.

getifs

Shows the list with this information:

The name of interfaces, to which the Check Point Firewall kernel attached.
The IP addresses assigned to the interfaces.

See fw getifs.

hastat <options>

Shows information about Check Point computers in High Availability configuration and their states.

See fw hastat.

isp_link <options>

Controls ISP links in the ISP Redundancy configuration.

See fw isp_link.

kill <options>

Kills the specified Check Point processes.

See fw kill.

lichosts <options>

Shows a list of hosts protected by the Security Gateway.

See fw lichosts.

log <options>

Shows the content of Check Point log files - Security ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog).

See fw log.

logswitch <options>

Switches the current active log file - Security ($FWDIR/log/fw.log) or Audit ($FWDIR/log/fw.adtlog).

See fw logswitch.

lslogs <options>

Shows a list of Security log files ($FWDIR/log/*.log*) or Audit log files ($FWDIR/log/*.adtlog*) residing on the local computer or a remote computer.

See fw lslogs.

mergefiles <options>

Merges several input log files - Security ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog) - into a single log file.

See fw mergefiles.

monitor <options>

Runs FW Monitor to capture the traffic that passes through the Security Gateway.

See fw monitor.

repairlog <options>

Rebuilds pointer files for Security log files ($FWDIR/log/*.log) or Audit ($FWDIR/log/*.adtlog) log files.

See fw repairlog.

sam <options>

Manages the Suspicious Activity Monitoring (SAM) rules.

See fw sam.

sam_policy <options>

Manages the Suspicious Activity Policy editor.

See fw sam_policy.

showuptables <options>

Shows the contents of the Unified Policy kernel tables.

See fw showuptables.

stat

Shows the currently installed policy.

See fw stat.

tab <options>

Shows and deletes the contents of the specified kernel tables.

See fw tab.

unloadlocal

Uninstalls all policies from the Security Gateway or Cluster Member.

See fw unloadlocal.

up_execute <options>

Executes the offline Unified Policy.

See fw up_execute.

ver <options>

Shows the Security Gateway major and minor version number and build number.

See fw ver.