Lista de alguns comandos para um troubleshoot básico em checkpoint
Verificar a versão do checkpoint
fw ver
Verificar a política de regras instalada
fw stat
Verificar a política de regras e estatísticas de tráfego por interface (permitidos e negados)
cpstat fw
Exibir o número de conxeões simultâneas
checkpoint-fw[admin]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 1234 31231 451893 451893
Verificar com é a manager associada (via SIC) com o firewall
checkpoint-fw[admin]# cat $FWDIR/conf/masters
Encontrar alguma rota
show route destination 192.168.0.12
Exibir configuração do VRRP
show vrrp
cpstat os -f cpu ** CPU Usage ** cpstat os -f memory ** Memory Usage ** clish show useful-stats ** Memory Usage % vmstat 2 ** free mem and cpu ** fw tab -s -t connections ** Checks current/max connections ** fw tab -t fwx_alloc -s ** Shows Translation Table Connections netstat -i ** Check for interface errors/collisions ** ipsctl -a | grep eth-s3p1:errors ** detailed interface errors ** ps -aux ** Show processes ** cp_conf sic state ** Check SIC ** ckp_regedit -p ‘SOFTWARE/CHECKPOINT/SIC’ **!ckp** grep -i icaip $CPDIR/registry/HKLM_* **find CMA IP** ipsctl -a | grep capabilities **Check Int Capabilities ipsctl -i **Menu with all hardware**
//CHECK SERIAL NUMBER cat /var/etc/.nvram fw ctl zdebug drop | grep 1414
// CHECK IF DISKLESS dmesg | grep flash system is flash-based, running in diskless mode
// REBOOT sync;sync;reboot
// RESTART FWD
date; grep “ipsrd:instance:default:vrrp:nomonitorfw t” /config/active; echo sh vrrp | iclid; netstat -an | grep 257; ps aux | grep fwd; swapinfo;
$CPDIR/bin/cpwd_admin stop -name FWD -path “$FWDIR/bin/fw” -command “fw kill fwd”; sleep 1; ps aux | grep fwd; $CPDIR/bin/cpwd_admin start -name FWD -path $FWDIR/bin/fw -command “fwd”
echo sh vrrp | iclid; date; ps aux | grep fwd; netstat -an | grep 257; swapinfo;
//SAVE VOYAGER clish save config exit dbset :save