topic Re: Need CLI Command to see Interfaces and Associated IP Information in Firewall and Security Management

Need CLI Command to see Interfaces and Associated IP Information

subrun_jamil — Wed, 01 Dec 2021 20:29:34 GMT

Can you advise how to see Interfaces and Associated IP Information from CLI ?

Re: Need CLI Command to see Interfaces and Associated IP Information

mcatanzaro — Thu, 02 Dec 2021 05:43:59 GMT

Hi,

From clish you can use the ‘show interfaces’ command to show all interfaces.

You can then run ‘show interface <interface_name>’.

From expert you can use the ‘ip’ set of commands.

References:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/CLI-Reference-_interface_.htm

https://linux.die.net/man/8/ip

Re: Need CLI Command to see Interfaces and Associated IP Information

Yuri_Slobodyany — Thu, 02 Dec 2021 06:13:08 GMT

[Expert@R81-standalone:0]# ip ad | grep "inet"
inet 127.0.0.1/8 scope host lo
inet 192.168.133.129/24 brd 192.168.133.255 scope global eth0
inet 10.10.10.129/24 brd 10.10.10.255 scope global eth1
inet 172.17.0.1/16 scope global docker0

BTW Does anyone know what Docker is doing in my firewall ? 🙂

[Expert@R81-standalone:0]# docker --version
Docker version 1.13.1, build 07f3374/1.13.1

Re: Need CLI Command to see Interfaces and Associated IP Information

mcatanzaro — Thu, 02 Dec 2021 06:23:06 GMT

Hi,

Are you running any jumbo hotfix accumulators?

R81 JHF T10 removed the docker interface:

PRJ-19150,
PMTR-57495

Gaia OS

"Docker0" bridge interface with assigned IP address from class B private pool may appear in the system, causing routing issues.

AFAIK docker is mainly for the SMC web application.

Re: Need CLI Command to see Interfaces and Associated IP Information

Yuri_Slobodyany — Thu, 02 Dec 2021 06:38:57 GMT

Thanks,

nope - running vanilla Take 392 (it is a lab environment).

[Expert@R81-standalone:0]# docker --version
Docker version 1.13.1, build 07f3374/1.13.1
[Expert@R81-standalone:0]# ip ad | grep docker
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
inet 172.17.0.1/16 scope global docker0
[Expert@R81-standalone:0]#
[Expert@R81-standalone:0]# fw ver
This is Check Point's software version R81 - Build 959
[Expert@R81-standalone:0]# fwm ver
This is Check Point Security Management Server R81 - Build 287

Re: Need CLI Command to see Interfaces and Associated IP Information

Bob_Zimmerman — Thu, 02 Dec 2021 19:50:51 GMT

I wrote this one to show me the VSID, name, MAC, and IP address for every interface on every VS:

printf "%5s%12s%19s%19s\n" "VSID" "Interface" "MAC Address" "IP Address/Prefix";for vsid in $(ip netns list 2>/dev/null | cut -d' ' -f3 | cut -d')' -f1;ls /proc/vrf/ 2>/dev/null | sort -n);do vsenv $vsid>/dev/null 2>&1 || vsx set $vsid>/dev/null 2>&1;for iface in $(ifconfig -a | egrep "^[^ ]" | awk '{print $1}' | egrep -v "^(lo[0-9]*$|usb)");do printf "%5s" $vsid;printf "%12s" $iface;printf "%19s" $(ip addr show $iface | grep ' link/ether ' | awk '{print $2}');printf "%19s" $(ifconfig $iface | grep ' inet ' | cut -d':' -f2 | cut -d' ' -f1);echo "";done;done

Works on SecurePlatform (really old versions), GAiA with 2.6 kernel (up through R80.30), and GAiA with 3.10 kernel (R80.40 and later).

Separately, I also quite like this for showing physical interface information:

printf "%9s%13s%10s%8s%6s\n" "Interface" "PCIe Addr" "PCI-ID" "Driver" "Link?";ifconfig -a | egrep "^[^ ]" | awk '{print $1}' | egrep -v "^(lo$|usb|bond[0-9\.]+|gre(tap)?[0-9]+|Mgmt\.[0-9]|eth[-0-9]+\.)" | xargs -n 1 -I @ sh -c 'printf "%9s" @;printf "%13s" $(ethtool -i @ | grep "bus" | cut -d" " -f2);printf "%10s" $(lspci -n | grep $(ethtool -i @ | grep "bus" | cut -d: -f3-4) | cut -d" " -f3);printf "%8s" $(ethtool -i @ | grep "driver" | cut -d" " -f2);printf "%6s" $(ethtool @ | grep "Link" | cut -d" " -f3);echo ""'

Example output:

[Expert@DallasSA:0]# printf "%5s%12s%19s%19s\n" "VSID" "Interface" "MAC Address" "IP Address/Prefix";for vsid in $(ip netns list 2>/dev/null | cut -d' ' -f3 | cut -d')' -f1;ls /proc/vrf/ 2>/dev/null | sort -n);do vsenv $vsid>/dev/null 2>&1 || vsx set $vsid>/dev/null 2>&1;for iface in $(ifconfig -a | egrep "^[^ ]" | awk '{print $1}' | egrep -v "^(lo[0-9]*$|usb)");do printf "%5s" $vsid;printf "%12s" $iface;printf "%19s" $(ip addr show $iface | grep ' link/ether ' | awk '{print $2}');printf "%19s" $(ifconfig $iface | grep ' inet ' | cut -d':' -f2 | cut -d' ' -f1);echo "";done;done VSID Interface MAC Address IP Address/Prefix 0 eth0 00:11:22:33:44:55 10.0.1.253 0 eth1 00:11:22:33:44:56 0 eth2 00:11:22:33:44:57 0 eth3 00:11:22:33:44:58 0 eth4 00:11:22:33:44:59 0 eth5 00:11:22:33:44:5a 0 gretap0 00:00:00:00:00:00 0 gre0 [Expert@DallasSA:0]# printf "%9s%13s%10s%8s%6s\n" "Interface" "PCIe Addr" "PCI-ID" "Driver" "Link?";ifconfig -a | egrep "^[^ ]" | awk '{print $1}' | egrep -v "^(lo$|usb|bond[0-9\.]+|gre(tap)?[0-9]+|Mgmt\.[0-9]|eth[-0-9]+\.)" | xargs -n 1 -I @ sh -c 'printf "%9s" @;printf "%13s" $(ethtool -i @ | grep "bus" | cut -d" " -f2);printf "%10s" $(lspci -n | grep $(ethtool -i @ | grep "bus" | cut -d: -f3-4) | cut -d" " -f3);printf "%8s" $(ethtool -i @ | grep "driver" | cut -d" " -f2);printf "%6s" $(ethtool @ | grep "Link" | cut -d" " -f3);echo ""' Interface PCIe Addr PCI-ID Driver Link? eth0 0000:02:00.0 8086:150c e1000e yes eth1 0000:03:00.0 8086:150c e1000e no eth2 0000:04:00.0 8086:150c e1000e no eth3 0000:05:00.0 8086:150c e1000e no eth4 0000:06:00.0 8086:150c e1000e no eth5 0000:07:00.0 8086:150c e1000e no [Expert@DallasSA:0]#