Posts

Showing posts from December, 2017

FIND UTM-1 CHECK POINT APPLIANCE MODEL FROM CLI

You’ve been given the task of working on a firewall – but unfortunately, the old admin never took notes, there is no documentation, and the physical UTM-1 Appliance is in another country. So… what the heck is it? Here is how to find out what type of UTM-1 or Power-1 Appliance you have in the datacenter (or closet) from the command line:


Run the following command: [Expert@yourfirewall]# /usr/sbin/dmidecode | grep "Product Name" Product Name: P-10-00 Here is a list of the dmidecode information that I’ve found for various UTM/Power-1 appliances, and the hardware that you can expect to require if you run an open server. Check Point 2012 Appliance seriesDMIDecodeModelSPUFWVPNIPSCPUMHzRAMG-50214002003507212x Intel Xeon E5645 (6 cores)2.40GHz6P-230-00126001861307172x Intel Xeon E5645 (6 cores)2.40GHz?P-220-0012400???????P-210-0012200738152.58Intel Core i5 750 (4 cores)2.67GHz4 Check Point Power-1 Appliance seriesDMIDecodeModelSPUFWVPNIPSCPUMHzRAM?11075up to 1222204122x Intel Xeon E…

CHECK POINT SPLAT COMMANDS

This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:
clockdisplay date and time on firewallcpconfigchange SIC, licenses and morecphaprob ldstatdisplay sync serialization statisticscphaprob statlist the state of the high availability cluster members. Should show active and standby devices.cphaprob syncstatdisplay sync transport layer statisticscphastopstop a cluster member from passing traffic. Stops synchronization. (emergency only)cplic printlicense informationcpstartstart all checkpoint servicescpstat fwshow policy name, policy install time and interface tablecpstat hahigh availability statecpstat os -f allcheckpoint interface table, routing table, version, memory status, cpu load, disk spacecpstat os -f cpucheckpoint cpu statuscpstat os -f routingcheckpoint routing tablecpstopstop all checkpoint servicescpwd_admin monitor_listlist processes actively monitored. Firewall should contain cpd and…