cpwd_admin config

Description

Configures the Check Point WatchDog.

Important - After changing the WatchDog configuration parameters, you must restart the WatchDog process with the "cpstop" and "cpstart" commands (which restart all Check Point processes).

Syntax on a Management Server in Gaia Clish or the Expert mode

cpwd_admin config

      -h

      -a <options>

      -d <options

      -p

      -r

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

cpwd_admin config

      -h

      -a <options>

      -d <options

      -p

      -r

Syntax on a Scalable Platform Security Group in Gaia gClish

cpwd_admin config

      -h

      -a <options>

      -d <options

      -p

      -r

Syntax on a Scalable Platform Security Group in the Expert mode

g_all cpwd_admin config

      -h

      -a <options>

      -d <options

      -p

      -r

Parameters

Parameter

Description

-h

Shows built-in usage.

-a <Configuration_Parameter_1>=<Value_1> <Configuration_Parameter_2>=<Value_2> ... <Configuration_Parameter_N>=<Value_N>

Adds the WatchDog configuration parameters.

Note - Spaces are not allowed between the name of the configuration parameter, the equal sign, and the value.

-d <Configuration_Parameter_1> <Configuration_Parameter_2> ... <Configuration_Parameter_N>

Deletes the WatchDog configuration parameters that user added with the "cpwd_admin config -a" command.

-p

Shows the WatchDog configuration parameters that user added with the "cpwd_admin config -a" command.

-r

Restores the default WatchDog configuration.

These are the available configuration parameters and the accepted values:

Configuration Parameter

Accepted Values

Description

default_ctx

Text string up to 128 characters

On a VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0., configures the CTX value that is assigned to monitored processes, for which no CTX is specified.

display_ctx

  • 0 (default)

  • 1

On a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateway, configures whether the WatchDog shows the CTX column in the output of the cpwd_admin list command (between the APP and the PID columns):

  • 0 - Does not show the CTX column

  • 1 - Shows the CTX column

no_limit

  • Range: -1, 0, >0

  • Default: 5

If rerun_mode=1, specifies the maximal number of times the WatchDog tries to restart a process.

  • -1 - Always tries to restart

  • 0 - Never tries to restart

  • >0 - Tries this number of times

num_of_procs

  • Range: 30 - 3000

  • Default: 3000

Configures the maximal number of processes managed by the WatchDog.

rerun_mode

  • 0

  • 1 (default)

Configures whether the WatchDog restarts processes after they fail:

  • 0 - Does not restart a failed process. Monitor and log only.

  • 1 - Restarts a failed process (this is the default).

reset_startups

  • Range: > 0

  • Default: 3600

Configures the time (in seconds) the WatchDog waits after the process starts and before the WatchDog resets the process's startup_counter to 0.

To see the process's startup counter, in the output of the cpwd_admin list command, refer to the #START column.

sleep_mode

  • 0

  • 1 (default)

Configures how the WatchDog restarts the process:

  • 0 - Ignores timeout and restarts the process immediately

  • 1 - Waits for the duration of sleep_timeout

sleep_timeout

  • Range: 0 - 3600

  • Default: 60

If rerun_mode=1, specifies how much time (in seconds) passes from a process failureClosed A hardware or software problem that causes a Security Gateway to be unable to serve as a Cluster Member (for example, one of cluster interface has failed, or one of the monitored daemon has crashed). Cluster Member that suffered from a failure is declared as failed, and its state is changed to Down (a physical interface is considered Down only if all configured VLANs on that physical interface are Down). until WatchDog tries to restart it.

stop_timeout

  • Range: > 0

  • Default: 60

Configures the time (in seconds) the WatchDog waits for a process stop command to complete.

zero_timeout

  • Range: > 0

  • Default: 7200

After failing no_limit times to restart a process, the WatchDog waits zero_timeout seconds before it tries again.

The value of the zero_timeout must be greater than the value of the timeout.

The WatchDog saves the user defined configuration parameters in the $CPDIR/registry/HKLM_registry.data file in the ": (Wd_Config" section:

("CheckPoint Repository Set"
  : (SOFTWARE
    : (CheckPoint
      : (CPshared
        :CurrentVersion (6.0)
        : (6.0
        ... ...
          : (reserved
          ... ...
            : (Wd
                : (Wd_Config
                    :Configuration_Parameter_1 ("[4]Value_1")
                    :Configuration_Parameter_2 ("[4]Value_2")
                )
            )
          ... ...

Example

[Expert@HostName:0]# cpwd_admin config -p
cpWatchDog doesn't have configuration parameters
[Expert@HostName:0]#
[Expert@HostName:0]# cpwd_admin config -a sleep_timeout=120 no_limit=12
[Expert@HostName:0]#
[Expert@HostName:0]# cpwd_admin config -p
cpWatchDog Configuration parameters are:
sleep_timeout : 120
no_limit : 12
[Expert@HostName:0]#
[Expert@HostName:0]# cpstop ; cpstart
[Expert@HostName:0]#
 
[Expert@HostName:0]# cpwd_admin config -r
cpWatchDog doesn't have configuration parameters
[Expert@HostName:0]#
[Expert@HostName:0]# cpstop ; cpstart
[Expert@HostName:0]#
[Expert@HostName:0]# cpwd_admin config -p
cpWatchDog doesn't have configuration parameters
[Expert@HostName:0]#