Pre-IPSO 6.2
voyager -e 0 <port>    !! No Encryption
voyager -e 128 <port>  !! 128-bit SSL Encryption

IPSO 6.2+
set voyager ssl-port <port>

[ # ]

clish -s -c "set static-route <ip>/<cidr> nexthop gateway address <gateway> on"
clish -s -c "set static-route default nexthop gateway address <gateway> on"

[ # ]

$FWDIR/database/rules.C  !! Contains rules
$CPDIR/conf/cp.license  !! License info
$FWDIR/conf/masters  !! CMA IP

[ # ]

ips_export_import export <profile-name> [-o <destination-file-name>] [-p <CMA-ip>]
ips_export_import import <new-profile-name> -f <source-file-name> [-p <CMA-ip>]

Notes:

  • The CMA IP is only necessary if you are using an MDS environment and have not 'mdsenv' into the CMA first

Documentation

[ # ]

cpprod_util FwIsActiveManagement       !! View current status; 1 is Active, 0 is Standby

cpprod_util FwSetActiveManagement 0       !! Set to Standby (failover)
cpprod_util FwSetActiveManagement 1       !! Set to Active (failover)

[ # ]

swapinfo
cpstat os -f cpu
cpstat os -f memory
fw tab -s -t connections
netstat -i

[ # ]

!! Install cpinfo Package Via Clish From FTP For IPSO
add package media ftp addr <IP Address> user <Username> password <Password> name cpinfo.tgz

!! Install cpinfo Package Via Clish From Local File For IPSO
add package media local name cpinfo.tgz

cpinfo -z -n -o /var/tmp/$(uname -n).$(date).cpinfo     !! Firewall or management server
cpinfo -z -n -c <CMAName> -o /var/tmp/<name>.$(date).cpinfo  !! CMA - Performed from the CMA environment

Notes:

  • cp_uploader is the new recommended method of generating and uploading cpinfo to Check Point
  • Filename for installing CPinfo on IPSO must end in .tgz
  • Package for local file installation on IPSO should be in /opt/packages

Documentation

[ # ]

cd /var/tmp; /bin/./asset; cat /var/tmp/outfile; rm /var/tmp/outfile

Notes:

  • This command will display CPU, hard disk, memory, serial numbers, and chassis serial numbers (for some models) and delete the temporary output file after
  • This likely will be replaced with 'show asset hardware' or a similar command within clish or iclid in the future

Documentation

[ # ]

!! Change IP
clish -s -c "add interface <if name> address <new ip address>/<cidr>"
clish -s -c "delete interface <if name> address <old ip address>"

!! Remove logical interface
clish -s -c "delete interface <if name>"

!! Delete interface (Will disable VRRP monitoring)
clish -s -c "set interface <if name> disable"
clish -s -c "set interface <if name> logical-name <if name>"
clish -s -c "delete interface <if name> address <old ip address>"

!! Set interface speed
clish -s -c "set interface <physical-interface> speed 100M duplex full active on"

!! Create Interface with VRRP - Example
clish
  add interface eth-s1p2 vlanid 141 address 172.1.1.3/24 logical-name eth-s1p2c23 enable
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 monitored-interface eth-s1p2c0 on
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 hello-interval 1
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 priority 90
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 backup-address 172.1.1.1 on
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 monitored-interface eth-s1p2c0 priority-delta 10
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 monitored-interface eth-s1p1c0 on
  set vrrp interface eth-s1p2c23 monitored-circuit vrid 127 monitored-interface eth-s1p1c0 priority-delta 10
  save config
  exit

[ # ]

clish -s -c 'add host name <hostname|domain> ipv4-address <ip>'

Notes:

  • Do NOT directly edit the /etc/hosts file

[ # ]