pep show

Description

Shows information about PEPClosed Check Point Identity Awareness Security Gateway that acts as Policy Enforcement Point: receives identities via identity sharing; redirects users to Captive Portal..

Syntax

pep show

    conciliation_clashes

        all

        clear

        ip <Session IP Address>

    network

        pdp

        registration

    pdp

        all

        id <ID of PDP>

    stat

    topology_map

    user

        all

        query

                cid <IP[,ID]>

                cmp <Compliance>

                mchn <Computer Name>

                mgrp <Group>

                pdp <IP[,ID]>

                role <Identity Role>

                ugrp <Group>

                uid <UID String>

                usr <Username>

Parameters

Parameter

Description

conciliation_clashes <options>

Shows session conciliation clashes.

The available <options> are:

  • all - Show all conciliation clashes.

  • clear - Clears all session clashes.

  • ip <Session IP Address> - Show all conciliation clashes filtered by the specified session IP address.

network <options>

Shows network related information.

The available <options> are:

pdp <options>

Shows the communication channel between the PEP and the PDP.

Available <options> are:

  • all - Shows all connected PDPs.

  • id - Shows the information for the specified PDP.

stat

Shows the last time the pepd daemon was started and the last time a policy was received.

Important - Each time the pepd daemon starts, it loads the policy and the two timers. The times between the pepd daemon start and when it fetched the policy are very close.

topology_map

Shows topology of all PDP and PEP addresses.

user <options>

Shows the status of sessions that PEP knows.

You can perform various queries to get the applicable output (see below).

The available <options> are:

  • all - Shows the list of all clients.

  • query - Queries the list of users based on the specified filters:

    • cid <IP[,ID]> - Matches entries of clients with the specified Client ID.

    • cmp <Compliance> - Matches entries with the specified compliance.

    • mchn <Computer Name> - Matches entries with the specified computer name.

    • mgrp <Group> - Matches entries with the specified machine group.

    • pdp <IP[,ID]> - Matches entries, which the specified PDP updated.

    • role <Identity Role> - Matches entries with the specified identity role.

    • ugrp <Group> - Matches entries with the specified user group.

    • uid <UID String> - Matches entries with the specified full or partial UID.

    • usr <Username> - Matches entries with the specified username.

    Note - You can use multiple query filters at the same time to create a logical AND correlation between them.

    For example, to show all users that have a sub-string of "jo" AND are part of the user group "Employees" you can use this query syntax:

    # pep show user query usr jo ugrp Employees