cli tools updated
TRANSCRIPT
-
7/25/2019 CLI Tools Updated
1/31
CLI Tools
Checkpoint Command Line
Interface
-
7/25/2019 CLI Tools Updated
2/31
SPLAT Shells
Splat Operating System Shells
Standard mode shell Gives some
limited commands for Administrationof device
Epert mode shell Gives access toroot of the system for advancedadministration and tro!"leshooting
-
7/25/2019 CLI Tools Updated
3/31
Commands
pass#d To change the pass#ord of the c!rrent!ser
time$one To set the time$one
time to see the c!rrent time
date to see the c!rrent date
eit Eits from the c!rrent !ser session
sh!tdo#n Sh!ts do#n the %evice
-
7/25/2019 CLI Tools Updated
4/31
-
7/25/2019 CLI Tools Updated
5/31
netstat rn sho#s the ro!ting ta"le
grep command can "e !sed at the end ofthe normal commands to gra" speci-c nameyo! #ish to search for( Eample. in yo!rro!ting ta"le. yo! #ish the ro!ting at yo!rinterface eth/( 0o!1ll !se "elo# command2
netstat 3rn 4 grep eth/If yo! #ish to display the ro!ting ta"le perpage. !se 4 more at the end of yo!rcommand line( Eample2
netstat 3rn 4 more
-
7/25/2019 CLI Tools Updated
6/31
ifcon-g !se shift 5 page!p to vie#
the complete content ip addr same as ifcon-g #ith some
limited info
dns #illtell yo! #hat is the %6Sserver the -re#all !ses
#e"!i #e"!i ena"le )port
n!m"er*
-
7/25/2019 CLI Tools Updated
7/31
locko!t locko!t ena"le )n!m"er ofattempts* )time in min!tes*
locko!t sho#
!nlock!ser to !nlock the locked !ser
check!serlock
Arp Sho#s the arp entries on the ,ire#all
-
7/25/2019 CLI Tools Updated
8/31
f# directory lists the -les and options !nder -re#allmod!le
f# ver sho#s the -re#all version #ith the "!ild info
f# stat 3 sho#s last time #hen the sec!rity policy #asinstalled on the SPLAT ,ire#all
f# !nloadlocal 3 this !ninstalls the sec!rity policycompletely from the machine( Any active connections like6AT connections or 'P6 connections i(e( any connectionsgoing thro!gh the ,ire#all #ill "e dropped(
This #ill open !p the machine for any tra7c i(e( any anyallo# !ntil policies are installed from the 8anagementserver
-
7/25/2019 CLI Tools Updated
9/31
f# ta" 3s 3t connections sho#sn!m"er of connections in state ta"le3s is for s!mmary
f# ta" 3t late 3 clear all translatedentries 9emergency only:
-
7/25/2019 CLI Tools Updated
10/31
cpstop 3 stopping checkpoint services( ;hen its ran remotelyeven the admin connection to the -re#all #ill also "e dropped
"eca!se it #ill essentially sh!t do#n the sec!rity policy andevery other service r!nning on the mod!le
cpstart 3 restart those services
If yo! are managing the console remotely and do not #ant to
get disconnected from the ,ire#all yo! can !se cpstop andcpstart in the single command "y !sing semi colon in "et#eenas "elo#3
cpstop 2 cpstart
It #ill stop the checkpoint services and then its going to restartand p!ll the sec!rity policies con-g!red on the -re#all
-
7/25/2019 CLI Tools Updated
11/31
cpcon-g 3 Gives the a"ility to reset o!rSIC
SIC sho!ld "e reset #hen yo! change thehostname of the ,ire#all #hich is tied tothe certi-cate !nder the ICA( If the ipaddress is changed. then its not re
Syscon-g is !sed to enter the net#orksetting on the SPLAT machine and see theprod!cts con-g!red on that SPLAT
-
7/25/2019 CLI Tools Updated
12/31
cpinfo 3 ,ile #hich is re
-re#all or the management server(
cpinfo 3o test(tg$
ls
-
7/25/2019 CLI Tools Updated
13/31
cpinfo 3 ,ile #hich is re
Its created "y !sing the "elo# commandcpinfo 3o )-lename(tg$*
%o an ls to list the -le
-
7/25/2019 CLI Tools Updated
14/31
f#m ver
f#d ver
f#m help
-
7/25/2019 CLI Tools Updated
15/31
-
7/25/2019 CLI Tools Updated
16/31
,;%I&=conf %irectory3 It contains &!le"ases.
o">ects and the !ser data"ase
cd ?,;%I&=confls
It contains @ important s!" directories o">ectsB(C O">ects(C
r!le"asesB(f#s f#a!th(nd"
-
7/25/2019 CLI Tools Updated
17/31
o">ectsB(C
Incl!des all the modi-ed o">ect val!es!nder smartvie# dash"oard( This -ledoes not get p!shed to the ,ire#all
o">ects(C;henever #e compile a policy this -legets delivered to the -re#all "y installpolicy option. o">ectsB(C -le #ill "e
going to "e converted to o">ects(C -le#hich is act!ally p!shed to the -re#all(
-
7/25/2019 CLI Tools Updated
18/31
r!le"asesB(f#s
It incl!des the sec!rity policies. 6ATpolicies and application control policies
f#a!th(nd"
It contains all of -re#all !sers andgro!ps information #hich also locatedin the same ,;%I&=conf directory and
,;%I&=data"ase directory
-
7/25/2019 CLI Tools Updated
19/31
,;%I&=log directory It contains log-les
cd ,;%I&=log
ls
-
7/25/2019 CLI Tools Updated
20/31
-
7/25/2019 CLI Tools Updated
21/31
,;%I&="in %irectory
cd ,;%I&="in
ls
-
7/25/2019 CLI Tools Updated
22/31
One of the most important "ack!p
and restore -les are stored in thisdirectory(
cd !pgradetools
ls
-
7/25/2019 CLI Tools Updated
23/31
!pgradeeport 3 sho!ld "e taken on
a #eekly "asis for the scs if there arelot of policy changes( Command tostart !pgrade eport is
(=!pgrade3eport test(tg$
-
7/25/2019 CLI Tools Updated
24/31
Its going to "ack!p all the policy information andthe con-g!ration eisting on SCS
DDpgrade Import and Dpgrade eport is strictly!sed for policy "ack!p and restore from the SCS(
It is typically !sed #hen yo! are moving policy"et#een machines or #hen yo! do the !pgradeprocess(
Lets say if yo! are moving from Solaris to SPLAT.!pgrade tools #ill provide the ei"ility to import
and eport the policy data"ase "et#een diFerentOS1s(
-
7/25/2019 CLI Tools Updated
25/31
Dsing !pgrade eport yo! can take thecon-g!ration from a #indo#s machine toa SPLAT to Solaris or to a &edhat machine(
;hereas snapshot and cp"ack!p #ill "e#orking only for SPLAT #here it can only"e !sed on a single machine for restoringsomething #ith a same hostname. same
ip address and same soft#are level(
-
7/25/2019 CLI Tools Updated
26/31
To import the eported con-g!ration.!se the command
(=!pgradeimport
-
7/25/2019 CLI Tools Updated
27/31
cplic p!t 3 is !sed to install one or moreLocal licenses( This command installs alicense on a local machine and it cannot"e performed remotely(
cplic print 3 prints details of Check Pointlicenses on the local machine( On a8od!le. this command #ill print alllicenses that are installed on the localmachine "oth Local and Central licenses(
-
7/25/2019 CLI Tools Updated
28/31
f# lichosts prints a list of hosts
protected "y the 'P63H=,ire#all3H=nprod!cts( The list of hosts is in the -le?,;%I&=data"ase=f#d(h
f# sam inhi"its 9"locks: connections toand from speci-c IP addresses#itho!t
the need to change the Sec!rity Policy(The command is logged
-
7/25/2019 CLI Tools Updated
29/31
Command to sniF the packets onspeci-c interface are as "elo#2
tcpd!mp 3i 3s HBnet H((H(=@ 3#=var=tmp=#(pcap
O&
tcpd!mp 3i 3s HBnet eth 3#=var=tmp=#(pcap
Jthe interface name is the interfacesets on yo!r device( If yo! #ant to-lter "ased on the net#ork address.
yo! sho!ld p!t as a"ove. if -lter"ased on host. change it to 1hostH((H(H1(
-
7/25/2019 CLI Tools Updated
30/31
The 3s HB indicate the normal HBsi$e packet yo! #ant to capt!re( If
yo! don1t de-ne HB. the packetscapt!red #ill sho# incompletedetails(
3# is !sed to save the -les to aspeci-c folder( Ky de-ning the -leetension #ith (pcap. yo!1d "e a"le to
do!"le click the -le to open it viaethereal(
-
7/25/2019 CLI Tools Updated
31/31
cpstat os 3f cp! sho#s cp! stat!s
cpstat os 3f ro!ting Sho#s ro!tingta"le
f# lslogs lists -re#all logs
f# stat 3l sho#s #hich policy isassociated #ith #hich interface andpackage drop. accept and re>ect