CCIE-Journals
From Student to Engineer, a journey of discovery.

Checkpoint CLI commands and failover process

System Uptime:

  • "fw ctl uptime" - Shows the uptime of the firewall.
  • "fw ver" - Shows the version and build number of the firewall software.

CPU:

  • "fw ctl pstat" - Shows the CPU usage statistics.
  • "top" - Shows the top processes by CPU usage.

High Availability:

  • "cphaprob state" - Shows the state of the cluster members.
  • "cphaprob list" - Shows the list of cluster members and their state.
  • "cphaprob syncstat" - Shows the state of the configuration synchronization.

VPN:

  • "vpn tu" - Shows the status of VPN tunnels.
  • "vpn debug off" - Turns off VPN debugging.
  • "vpn debug on" - Turns on VPN debugging.

Logs:

  • "fwaccel stats" - Shows the firewall acceleration statistics.
  • "fw log -f" - Shows the firewall logs in real-time.
  • "fw log -g" - Shows the summary of the firewall logs.

Memory:

  • "fw ctl mem" - Shows the memory usage statistics.
  • "free" - Shows the amount of free and used memory.

Cluster:

  • "cphaprob stat" - Shows the state of the cluster members.
  • "cphaprob list" - Shows the list of cluster members and their state.
  • "cphaprob syncstat" - Shows the state of the configuration synchronization.
  • "cphastop" - Stops the cluster.
  • "cphastart" - Starts the cluster.

Here are some additional common CLI commands that a security engineer may use on a daily basis for Check Point firewall:

  • "fw stat" - Shows the current firewall policy and rule statistics.
  • "fw tab -t connections -s" - Shows the current active connections on the firewall.
  • "fw ctl chain" - Shows the current firewall kernel connections and statistics.
  • "fw ctl multik stat" - Shows the current state of the multicast kernel connections.
  • "fw ctl affinity -l" - Shows the current CPU affinity settings for firewall processes.
  • "cpconfig" - Allows you to configure various settings on the firewall, such as network settings, security management, and licensing.
  • "cphaprob -a if" - Shows the state of the cluster interfaces.
  • "cphaprob -a stat" - Shows the detailed state of the cluster members.
  • "cpstat os -f cpu" - Shows CPU usage statistics for the firewall.
  • "cpstat os -f memory" - Shows memory usage statistics for the firewall.
  • "cpstat fw -f policy" - Shows policy statistics for the firewall.
  • "cpstat fw -f all" - Shows all firewall statistics.
  • "cplic print" - Shows the current licensing information for the firewall.

To failover a Check Point firewall using CLI commands, you can use the following steps:

  1. Connect to the CLI of the active firewall using a terminal program such as PuTTY.
  2. Use the command "cphaprob state" to check the current state of the cluster members.
  3. Use the command "cphaprob -a if" to check the state of the cluster interfaces.
  4. Use the command "cphaprob -a stat" to check the detailed state of the cluster members.
  5. If the active firewall is experiencing issues, you can use the command "cphaprob -d <member_id> - failover" to force a failover to the standby firewall.
    • Example: "cphaprob -d 1 - failover" to failover to member ID 1
  6. Use the command "cphaprob state" again to verify that the failover was successful and the new active firewall is now in the "Up" state.
  7. After the failover, use the command "cpstat os -f all" to check the status of the firewall.
  8. If necessary, you can use the command "cpstat fw -f all" to check the firewall policy, connection and traffic statistics.

It's important to note that before performing a failover, you should verify that the standby firewall is fully operational and has the latest configuration and security policies. Also, you should have administrative access to use these commands.
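The pre-failover verification the note above calls for can be scripted. The following is an added example, not code from the post or from Check Point: it parses the member table that "cphaprob state" prints (the sample output, member names and addresses are constructed for the example) and only reports "safe" when exactly one member is ACTIVE and a STANDBY peer exists to take over.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout 'cphaprob state' prints for a two-member
# ClusterXL High Availability pair (names and addresses are made up).
SAMPLE_STATE = """\
Cluster Mode:   High Availability (Active Up) with IGMP Membership

ID         Unique Address  Assigned Load   State          Name

1 (local)  192.0.2.1       100%            ACTIVE         fw-a
2          192.0.2.2       0%              STANDBY        fw-b
"""

# Same layout, but the peer is DOWN: forcing a failover here would drop traffic.
SAMPLE_PEER_DOWN = SAMPLE_STATE.replace("0%              STANDBY", "0%              DOWN   ")

@dataclass
class Member:
    member_id: int
    local: bool
    state: str
    name: str

# One member row: ID, optional "(local)", unique address, load%, state, name.
ROW = re.compile(r"^(\d+)\s+(\(local\))?\s*(\S+)\s+(\d+)%\s+(\S+)\s+(\S+)$")

def parse_cphaprob_state(text: str) -> list[Member]:
    """Extract member rows; the 'Cluster Mode' and header lines are skipped."""
    members = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            members.append(Member(int(m.group(1)), m.group(2) is not None,
                                  m.group(5).upper(), m.group(6)))
    return members

def failover_is_safe(members: list[Member]) -> tuple[bool, list[str]]:
    """Safe only with exactly one ACTIVE member and a STANDBY peer to take over."""
    reasons = []
    active = [m for m in members if m.state == "ACTIVE"]
    if len(members) < 2:
        reasons.append("fewer than two members parsed; check the command output")
    if len(active) != 1:
        reasons.append(f"expected exactly one ACTIVE member, found {len(active)}")
    if not any(m.state == "STANDBY" for m in members):
        reasons.append("no STANDBY member to take over")
    for m in members:
        if m.state not in ("ACTIVE", "STANDBY"):
            reasons.append(f"member {m.member_id} ({m.name}) is {m.state}")
    return (not reasons, reasons)

if __name__ == "__main__":
    for label, text in (("healthy", SAMPLE_STATE), ("peer down", SAMPLE_PEER_DOWN)):
        ok, why = failover_is_safe(parse_cphaprob_state(text))
        print(label, "-> safe to fail over" if ok else "-> do NOT fail over:", why)
```

On a live gateway, feed the real output in with something like `subprocess.run(["cphaprob", "state"], capture_output=True, text=True).stdout` instead of the constructed sample.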
