Scribd
Upload
94 views2 pages

Comandos Utilizados

This document contains a collection of Check Point commands and SNMP queries for monitoring and troubleshooting Check Point firewall services and VPN connectivity. It includes commands to view CPU usage, memory usage, network interfaces, NAT tables, VPN debugging, cluster state, and more.

Uploaded by

enrique_stf
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
94 views2 pages

Comandos Utilizados

This document contains a collection of Check Point commands and SNMP queries for monitoring and troubleshooting Check Point firewall services and VPN connectivity. It includes commands to view CPU usage, memory usage, network interfaces, NAT tables, VPN debugging, cluster state, and more.

Uploaded by

enrique_stf
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

http://furiousfiber.

com/automatically-delete-old-log-files-on-check-point/
https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands
http://www.linfo.org/watch.html
Check Point services sk83520
VPN 3rd party sk108600
Enabling IKE and VPN debugging skI4326
ATRG: VPN Core sk104760
Best Practices - Security Gateway Performance sk98348
CoreXL Dynamic Dispatcher in R77.30 / R80.10 and above sk105261

fw ctl multik stat (distribucion de conexiones x CPU)


fw ctl affinity -l -v -r
cphaconf set_ccp broadcast
cphaconf set_ccp multicast
cphaprob mmagic (R80)
cphaconf cluster_id get
cpstat -f indexer mg
cpstat -f log_server mg
free -m
mpstat 2 5
iostat 2 5
/sbin/cpuinfo
cat /proc/meminfo

snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2620.1.6.7.7.2.1.9 1.0


snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2620.999.1.4.4

snmpwalk -v 2c -c public localhost .1.3.6.1.4.1.2620.1.1.25.21


snmpwalk -v 2c -c FW-Fenix-02 172.17.196.117 .1.3.6.1.4.1.2620.1.1.25.21
snmpget -v 2c -c public 172.17.196.117 .1.3.6.1.4.1.2620.1.1.25.21

snmpwalk -v3 -l authNoPriv -u admin -a MD5 -A vpn123 localhost .


1.3.6.1.4.1.2620.1.1.25.21

cpstat fw
cpstat mg (validar equipos conectados a la consola)
watch --interval=1 'cpstat fw'
fw stat

fw tab -u -t connections | awk '{ print $2 }' | sort -n | uniq -c | sort -nr | head
-10
fw tab -u -t connections -f | awk -F\; '{ print $3 }' | sort -n | uniq -c | sort
-nr | head -10 (PARA ORIGEN)
fw tab -u -t connections -f | awk -F\; '{ print $5 }' | sort -n | uniq -c | sort
-nr | head -10 (PARA DESTINO)
transformar el resultado de hex a decimal (top 10 IPs origen que acaparan la tabla
de conexiones) cambiar el 2 x el 4 para destino

Assume the Hide NAT address in question is 203.0.113.1:

fw tab -u -t connections | grep -ci cb007101


Divide the number reported by 2, and you have your answer. The result must be
divided by 2 because each post-NATted connection is represented by 2 flows,
one outbound (c2s) and one inbound (s2c). Also the NAT IP address must be converted
from the dotted quad format to hexadecimal as shown.

show routed cluster-state detailed


fw getifs

fw ctl multik stat (conexiones por core)


fw ctl affinity -l -r -a -v
cpstat -f memory os
cpstat -f multi_cpu os
enabled_blades

Delete all connections from the NAT cache and NAT allocation tables:
[Expert@HostName:<VSID>]# fw tab -t fwx_alloc -x -y
[Expert@HostName:<VSID>]# fw tab -t fwx_cache -x -y

fw ctl debug 0 (deshabilitar cualquier debug)

You might also like