Essential Check Point CLI Commands for Configuration & Troubleshooting CheckPoint

DevOpsbyAshish February 21, 2025

 Check Point firewalls (Gaia OS) provide a powerful CLI for managing, configuring, and troubleshooting. Below are the most important commands categorized by function.

🔹 1. Basic System Commands

Check Gaia OS Version & System Info

show version all           # Displays OS, kernel, and Check Point version  
cat /etc/cp-release       # Show installed Check Point version  
dmidecode -s system-product-name  # Check hardware model

Check Network Interfaces & Routes

ifconfig -a               # Show all network interfaces  
ip a                      # Display IP addresses  
netstat -rn               # Show routing table

Reboot & Shutdown

reboot                    # Reboots the system  
shutdown -h now           # Shuts down the system

🔹 2. Firewall & Security Gateway Commands

Check Firewall Status

fw stat                    # Shows if the firewall is active  
fw ctl get int fw_drop     # Check if packets are being dropped

Verify Active Connections

fw tab -t connections -s   # Display current active connections

Check Installed Policies

fw stat -b policy          # Shows installed security policy

View Dropped Packets (Troubleshooting)

fw ctl zdebug drop         # Show real-time dropped packets (press Ctrl+C to stop)

🔹 3. Stateful Inspection & Connection Table Commands

View Active Connections

fw tab -t connections -s   # Display number of active connections  
fw ctl pstat               # Check SecureXL status

Flush Connections Table (Clears Active Sessions)

fw tab -t connections -x   # Clear all connections

Check SecureXL Status (Acceleration Technology)

fwaccel stat               # Shows SecureXL status

Disable SecureXL (For Debugging Only)

fwaccel off                # Disables SecureXL  
fwaccel on                 # Enables SecureXL

🔹 4. NAT (Network Address Translation) Commands

View NAT Rules Applied on Firewall

fw ctl debug -m fw + nat   # Shows real-time NAT rules processing

Check Active NAT Translations

fw tab -t fwx_alloc -s     # Displays active NAT sessions

Clear NAT Table (Flushing NAT Entries)

fw tab -t fwx_alloc -x     # Clears all NAT entries

🔹 5. VPN & ClusterXL (High Availability) Commands

Check VPN Tunnel Status

vpn tu                     # VPN troubleshooting menu  
vpn tu tlist               # Show all active VPN tunnels

Restart VPN Services

vpn kill vpn               # Restart VPN service

Check ClusterXL Status

cphaprob stat              # Displays cluster status  
cphaprob -a if            # Show cluster interfaces

Force Failover to Another Cluster Member

clusterXL_admin down       # Force current node to standby  
clusterXL_admin up         # Bring the node back to active

🔹 6. Logs & Monitoring Commands

View Security Logs

fw log -f                  # Show live firewall logs  
fw log -t | grep DROP      # Show dropped packets in logs

Check CPU & Memory Usage

top                        # Real-time CPU and memory stats  
free -m                    # Check free memory

View Disk Space Usage

df -h                      # Show available disk space

Monitor Traffic in Real-Time

tcpdump -i eth0 port 443   # Capture HTTPS traffic on eth0  
tcpdump -n -i any host x.x.x.x  # Capture packets from a specific host

Monitor High CPU Usage

cpview                     # Launches Check Point's monitoring tool

🔹 7. Restart & Debugging Services

Restart Check Point Services

cpstop                     # Stops all Check Point services  
cpstart                    # Starts all Check Point services

Restart Individual Services

service fw restart         # Restart firewall  
service vpn restart        # Restart VPN  
service cpd restart        # Restart Check Point Daemon

Check if All Services are Running

cpwd_admin list            # List all running Check Point processes

🎯 Summary: Most Useful Commands

FunctionCommand
Check firewall statusfw stat
View active connectionsfw tab -t connections -s
Check logsfw log -f
Restart firewallservice fw restart
View dropped packetsfw ctl zdebug drop
View NAT tablefw tab -t fwx_alloc -s
Monitor traffictcpdump -i eth0 port 443
Restart VPNvpn kill vpn
Check cluster statuscphaprob stat
Restart all Check Point servicescpstop && cpstart
DevOpsbyAshish

Posted by DevOpsbyAshish