fw commands

The "fw" commands control various aspects of the Check Point Security Gateway.

To see the available "fw" commands, on the command line enter fw and press the TAB key.

For some of the CLI commands, you can enter the "-h" parameter to the available parameters.

For more information about the fwcommands, see the R80.20 Command Line Interface (CLI) Reference Guide.

Important:                                                                                                                     

  • You must run these commands in the Expert mode.

  • You can run these commands in the debug mode: fw -d ...

  • For more information, see the:

    R80.20 Command Line Interface Reference Guide >

    Chapter Security Gateway Commands >

    Section fw.

Command

Description

fw activation [-h]

Activates the license.

fw agbn_tunnel_mode [-h]

Tests the tunnel mode for the Reach My Device service (Permanent or On-Demand).

See Configuring the "Reach My Device" Service.

fw avload [-h]

Loads the Anti-Virus signatures to kernel.

fw check_available_firmware [-h]

Checks for firmware updates and activates them if needed.

fw cloud_activate [-h]

Connects the appliance to the Cloud Management

fw cloud_reset_key [-h]

Resets the Cloud Management registration key to the original or specific value.

fw ctl [-h]

Controls the Security Gateway kernel:

  • arp

  • block

  • chain

  • conn

  • debug

  • dos

  • failmem

  • get

  • iflist

  • install

  • kdebug

  • leak

  • pstat

  • resetifn

  • sdstat

  • set

  • setsync

  • tcpstrstat

  • uninstall

  • zdebug

fw debug [-h]

Controls the debug of the SFWD daemon. See sk113090.

fw fetch <options>

Fetches the policy from the Management Server (on Centrally Managed), or local directory (on Centrally Managed and Locally Managed).

fw fetchdefault [-h]

Fetches the default policy (on Centrally Managed and Locally Managed).

fw fetchlocal [-h]

Fetches the last policy from local directory (on Centrally Managed and Locally Managed).

fw gen_initial_policy [-h]

Compiles the initial policy (on Centrally Managed and Locally Managed).

fw log_server_activate [-h]

On Centrally Managed, configures a Log Server, to which the Security Gateway sends its logs.

fw monitor [-h]

Captures the traffic inspected by Software Blades (on Centrally Managed and Locally Managed).

fw notify_firmware_update [-h]

Sends a firmware update notification to the Cloud Management.

fw pull_cert [-h]

On Centrally Managed, pulls a certificate from the Management Server's Internal Certificate Authority (ICA).

fw sfwd <options>

Controls the SFWD daemon.

fw sic_init [-h]

On Centrally Managed, initializes the Secure Internal Communication (SIC).

fw sic_reset [-h]

On Centrally Managed, resets the Secure Internal Communication (SIC) configuration.

fw sic_test

On Centrally Managed, shows status of the Secure Internal Communication (SIC) communication with a Management Server.

fw smbcloud_report_pdf <options>

Generates a report PDF file in Cloud Management.

Full syntax:

fw smbcloud_report_pdf -d <report-data> -n <report-name> -v {true | false}

In addition, see generate report cloud-report.

fw stat [-h]

Shows the installed policy.

This command is deprecated - use the "cpstat fw -f policy" command (see cpstat).

fw tab [-h]

Shows and deletes the contents of the specified kernel tables.

fw unloadlocal

Uninstalls all local policies.

Warning:

  • This command prevents all traffic from passing through the Security Gateway, because it disables the IP Forwarding in the Linux kernel on the Security Gateway.

  • This command removes all policies from the Security Gateway. This means that the Security Gateway accepts all incoming connections destined to all active interfaces without any filtering or protection enabled.

fw ver [-k]

Shows the Firewall version.