net.cmed.us
2607:f8b0:4006:816::2013  Public Scan

URL: http://net.cmed.us/Home/checkpoint/command-line
Submission: On June 19 via manual from MY — Scanned from US

Text Content



COMMAND LINE

Contents

 1. clish vs. bash
    1.1 bash password
    1.2 Save config changes
    1.3 Moving between clish and bash
 2. Bash Commands
    2.1 cpconfig
    2.2 tcpdump
    2.3 shutdown
    2.4 reboot
    2.5 fw stat
    2.6 fw unloadlocal
    2.7 fw ver
    2.8 fw getifs
    2.9 netstat -rn
    2.10 netstat -an
    2.11 cpstat os -f cpu
    2.12 cpstat os -f multi_cpu
    2.13 cpview
 3. clish commands of note
    3.1 show interfaces
    3.2 show interface eth0
    3.3 show route
    3.4 show users
    3.5 Add user
    3.6 clear screen
    3.7 backup and restore






CLISH VS. BASH

Depending on how the user account is set up, when you log in to a gateway
(firewall) or SMS (database) you will be put in either bash (expert) or clish
(Check Point CLI) mode.
The clish ("cli"-"shell") prompt is marked by a greater-than sign ">", whereas
the bash prompt is marked by a pound sign "#" and the prefix "Expert".


 







BASH PASSWORD

Before you can log in to bash, you need to set its password (aka the enable
password).  You do this with the "set expert-password" command.  You can also
tab-complete commands in clish, which also shows you the possible alternative
commands matching what you have already typed.

  


SAVE CONFIG CHANGES

Any changes made to the firewall from the clish prompt need to be saved with the
"save config" command.




MOVING BETWEEN CLISH AND BASH

The following commands will move you between the two input methods: 



 clish -> bash:  expert
 bash -> clish:  exit









BASH COMMANDS: 


CPCONFIG

Make changes to the licenses of the firewall, including changing the SIC
password (#5 Secure Internal Communications).




TCPDUMP

Capture data from the firewall interfaces.  To break out of the capture, press
[Ctrl]+[c].




SHUTDOWN

Shut down the firewall.






REBOOT

Reboot the firewall.




FW STAT

Shows the name of the security policy installed on the gateway.




FW UNLOADLOCAL

Unloads the policy from the firewall.  In other words, it removes the firewall
rules pushed from the DB to the unit.  It returns the firewall to a more
"virgin-like" state, but keeps routes and interface settings.  Good if something
horrible was pushed and you just need to get control of the unit back.


Note that if you enter fw stat after you have unloaded the policy from the
gateway, it will show the gateway without a running policy.




FW VER

View the running OS version on the firewall.






FW GETIFS

View the interfaces on the gateway.




NETSTAT -RN

View the routing table.




NETSTAT -AN

View running services and their ports.




CPSTAT OS -F CPU

Stats on the firewall's CPU.




CPSTAT OS -F MULTI_CPU

View the status of the different processors.




CPVIEW

Open the cpview utility to see ~lots~ of different stats on the firewall from
the command prompt.


You can scroll up and down (1) to see more of the results.  You can also see
multiple tabs (2) by pushing the left and right buttons.


To get out of cpview, press [Ctrl]+[c].





CLISH COMMANDS OF NOTE: 

Note that the "netstat", "cpstat", and "fw" commands work in both bash and
clish.


SHOW INTERFACES 

View all of the interfaces configured on the firewall.




SHOW INTERFACE ETH0

See the stats of one interface.




SHOW ROUTE

View the routes defined on the gateway.




SHOW USERS

View the current user accounts allowed on the gateway.






ADD USER: 

To add a user, use the add user command and define the uid and the home directory:

add user sam uid 200 homedir /home/sam






Set the password for the new user:

set user sam newpass vpn123






Set the roles for the new user with the Role Based Access subcommand:

add rba user sam roles adminRole




Confirm the user with the show users command again.


Remove a user with the delete user command:

delete user sam






CLEAR SCREEN 

To clear your screen in Check Point, press [Ctrl]+[l].




BACKUP AND RESTORE 

First, save the running config:

save config


Then make a backup of the local host:

add backup local




View the status of the backup (is it still copying?):

show backup status




View the backup file in expert mode.  Since it's stored in Linux, you can scp it
off as needed.  You can rename this file as needed to remind you of the status
point.


Importing the backup is done with the following command:

set backup restore local <tab>








