Wednesday, 9 September 2009

Useful Checkpoint Commands

Some useful Checkpoint commands for reference:

fw unloadlocal - Unload the local policy (the gateway runs with no security policy until one is installed again).
fw stat - Show the policy version that is currently installed.
fw log - Show the log file.
fw ver - Show the installed Checkpoint version.
fw lslogs - List all log files available.
fw logswitch - Force a log cycle.


cp_conf sic state - Show SIC (Secure Internal Communication) status.
cp_conf ha enable/disable - Enable/Disable HA (not sure what the difference is to cphastop/cphastart).
cp_conf lic get - Show installed licenses (same as "cplic print").

cpstat - Show module status.
cpstat -f routing os - Show routing table.
cpstat -f ifconfig os - Show interface configurations.
cpstat -f accelerator vpn - Show VPN hardware status.

cpwd_admin - Checkpoint WatchDog (process monitor) administration command.
cpwd_admin list - Show running processes.

vpn debug - Turns on VPN debugging; logs to $FWDIR/log/vpnd.elg.
vpn debug ikeon - Turns on IKE debugging; logs to $FWDIR/log/IKE.elg (needs the IKEView application to read).

vpn tu - VPN Tunnel Utility.

vpn ver - Shows VPN version installed (same as fw ver in any NG/NGX).

iclid - Basic shell that provides IOS-like commands.


Clustering / HA commands (these also work for VRRP HA)

cphaprob state - Show clustering status (this should list all firewalls in the cluster or something isn't working).
cphastart / cphastop - Start/Stop the High Availability/Clustering.
cphaconf - HA configuration from command line.
cphaconf set_ccp broadcast/multicast - Set the Cluster Control Protocol to use broadcast or multicast.