Common Check Point Commands (ccc)

Document created by Danny Jung Champion on Sep 19, 2017Last modified by Danny Jung Champion on Jun 29, 2018
Version 34Show Document
  • View in full screen mode


I always thought of having a simple Bash script that would allow me to run common Check Point CLI tasks without having to crawl for command cheat sheets, bookmarks, google, manuals, knowledge base etc.

Moti Sagey's  Top 3 Check Point CLI commands thread inspired me to start this project, allowing everyone to suggest new enhancements, improvements and share their ideas.


To install the script on your Check Point, in Expert mode simply run :

curl_cli | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc

Or download it to the /usr/bin directory of your Check Point and make it executable.


--------------------------------------------- ccc v2.5 -
System: Firewall Cluster Node (HA) - Active
Appliance / Server: Check Point Appliance
Version: Check Point Gaia R80.10
CPU Cores: 8 | RAM: 24 GB | Swapping: 0 GB
CoreXL: On (8 Cores) | SecureXL: off
Uptime: 2 days
Gateway managed by: fwmgmt (IP:


Firewall Management & Gateway >
Firewall Management >
Firewall Gateway >
Firewall Troubleshooting >
VPN Troubleshooting >
Multi-Core Performance Tuning >
VSX Troubleshooting >
MDS Troubleshooting >
Standalone Firewall & Management >
Threat Emulation >
Threat Extraction >



0.1 - Initial Release

0.2 - Added more commands

0.3 - Interactive Mode added by Marko Keca

0.4 - Added more commands, removed a bug with the 'View all commands' option, Interface Cleanups

0.5 - Added advanced interface summary developed in this thread

0.6 - Implemented enhancements as suggested by Günther W. Albrecht and Martin Heim, added SIC status check for gateways, general code cleanup

0.7 - Added more Security Management commands and CPU + memory statistics

0.8 - Added IPS/Threat Prevention 'Panic Button' as described in this presentation by Timothy Hall and a command suggested by Maarten Sjouw plus more MDS/VSX commands

0.9 - Implemented enhancements as suggested by Mikael Johnsson and Sven Glock, added commands to enable/disable SecureXL

1.0 - Colors added for better user experience, dropping for out-of-state packets can now be turned on/off thanks to Dameon Welch Abernathy's thread, IPS Update Time is now shown on R80.x systems thanks to Jerom van den Hoek's thread and many other little adjustments to make this a real 1.x release

1.1 - Added system info to Main Menu (props to: Rosemarie Rodriguez & Nathan Davieau for their Healthcheck script), started a Threat Emulation & Extraction section, improved command coloring

1.2 - Enhanced system info as suggested by Martin Heim, improved system information for cluster status

1.3 - Code improvements, replaced several sed with faster tr and cut commands, added more cluster info to Main Menu, corrected checking routines as suggested by Günther W. Albrecht

1.4 - Added Identity Awareness commands, ability to check the postfix email queue (sk114034), MDS additions as suggested by Maarten Sjouw and output optimizations as suggested by Sven Glock

1.5 - Changed interactive mode to support arrow keys for navigation, added usage information, general performance improvements via Bash's builtin parameter substitution, various fixes

1.6 - Added self-update functionality as requested by Vladimir Yakovlev in this thread, implemented more tests to avoid calls to non-existing ressources as mentioned by Günther W. Albrecht

1.7 - Fixed a nasty bug discovered by Aleksei Shelepov and  Günther W. Albrecht. Thanks!

1.8 - Added commands to start/stop the ICA Management Tool, fixed a typo discovered by Ty King 

1.9 - Added cpconfig and mdsconfig utilities, added ipassignment.conf integrity check, improved Multi-Core Performance Tuning commands

2.0 - Improved detection for supported OS as suggested by cciesec2006 at CPUG, added commands for CoreXL Dynamic Dispatcher and Firewall Priority Queue handling

2.1 - Added more details to system info (memory, CPU cores, CoreXL & SecureXL statistics), added migrate export command to Firewall Management section, improved several checks

2.2 - Fixed Firewall Management commands as suggested by Günther W. Albrecht

2.3 - Added more commands for mail handling tasks within Check Point Threat Emulation & code optimization as suggested by Maciej Maczka

2.4 - Added Threat Extraction Bypass commands as suggested by Niels van Sluis, added command to show calculated interface topology for easier address spoofing troubleshooting, general code and interface cleanup

2.5 - Added command to check the LOM of Check Point Appliances, improved Address Spoofing commands as suggested Norbert Bohusch.

153 people found this helpful