CHECKPOINT BASIC TROUBLESHOOTING COMMANDS
1. cpwd_admin list : To check all service of the checkpoint are running or not.
If any service will not run then its STAT will show T. If service will work fine then its stat show E.
2. fw stat: It will show current policy name and detail which is applied to your gateway.
3. getifs: It will show all interfaces detail with ip addresses.
4. cpstat os –f ifconfig: It will show all ip address with MAC address in a straight table which can help to understand in better way.
5. cpconfig: It is very useful to make changes in checkpoint firewall. It is used to reset sic, enable or disable checkpoint cluser, secure xl, core xl etc.
6. Cp_conf sic stat: It will show SIC ( Secure Internal Communication) current stat.
7. cplic print: To check license status.
8. fw ctl pstat: About tcp/udp connections.
9. cphaprob stat: It will show cluster status.
10. cphaprob –a if: It will show all require a virtual interface for cluster and its detail.
11. cphaprob –I iflist: show all virtual interface detail.
12. tcpdump –I eth1: show ingress traffic from a particular interface.
13. Fw monitor –e “ accept src= x.x.x.x and dst=x.x.x.x;”: it will filter traffic from particular source to destination.
14. Show route: To check ipv4 route detail:
15. Cat /etc/hosts: To check host entry.