Check Point SecurePlatform CLI reference

By | April 19, 2012

To save me time searching for commonly used commands for administering Check Point SecurePlatform (SPLAT) based boxes, I’ve started to put together a list of them here:



chsh -s /bin/bash username – ensures that user “username” is dropped automatically into Expert Mode when logging in through the console

fw ctl pstat (displays data about Capacity, Kernel, INSPECT, connections, NAT and Sync on firewalls)

idle 120 – extends the CLI timeout to 120 seconds when logged into SPshell

unset tmout – disables the CLI timeout when logged into Bash shell or in Expert Mode

cpadmin stop – shuts down the WebUI management services

cpadmin start – starts the WebUI management services

rpm-qa | grep kernel - determine the kernel build



Cluster XL:

cphaprob state (shows the cluster load state)

cphaprob -a if (shows the status of interfaces monitored)

fw ctl pstat – check the output of the Sync section to confirm if sync packets are being sent/received between the cluster members:

 Version: new
 Status: Able to Send/Receive sync packets
 Sync packets sent:
 total : 51348080, retransmitted : 7, retrans reqs : 0, acks : 2373
 Sync packets received:
 total : 1026629, were queued : 0, dropped by net : 0
 retrans reqs : 5, received 71 acks
 retrans reqs for illegal seq : 0
 dropped updates as a result of sync overload: 0


eth_set eth0 100f (sets the speed and duplex of eth0 to 100Mb Full Duplex – survives a reboot)

ethtool eth0 (displays the settings for interface eth0 such as speed/duplex etc

netstat -rn (to show the routing table of your device)

ifconfig ( to show the list of available interfaces)

tcpdump -i eth0 -s 1500 net -w/var/tmp/xxw.pcap

* If you want to filter based on the network address, you should put as above, if filter based on host, change it to ‘host′.
**The -s 1500 indicate the normal 1500 size packet you want to capture. If you don’t define 1500, the packets captured will show incomplete details.
***-w is used to save the files to a specific folder. By defining the file extension with .pcap, you’d be able to double click the file to open it via ethereal.

netstat -rn | more (displays the routing table, without resolving names – if you wish to display it per page, use | more at the end of your command line)

netstat -i (displays the Interface Table – useful for displaying error statistics)


Other Useful Linux Commands

gtar -zxvf <file name.tgz> – extracts the contents of a .tgz file to the directory that you are currently in


cat /proc/meminfo or free - Will tell you how much memory is available, how much is used, and how much is swapped, as well asother metrics associated with memory.


grep command can be used at the end of the normal commands to grab specific names you wish to search for. eg. if you wish to see routing table entries for eth3, the command would be:

netstat -rn | grep eth3


df -h displays the amount free disk space no each mounted drive in human readable form ie. GB’s and MB’s.  For example:

[Expert@checkpoint_box]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda6 1004M 160M 793M  17%  /
/dev/sda1 145M  11M  126M  8%   /boot
/dev/sda5 3.4G  3.4G 0     100% /opt
/dev/sda2 1.5G  569M 861M  40%  /sysimg
/dev/sda7 215G  200G 3.9G  99%  /var

Leave a Reply

Your email address will not be published. Required fields are marked *