- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hi All,
I'm looking for a way within R80.10 to see a timestamp for when the last Threat Prevention (but more specifically, IPS) policy was installed. I know I can see firewall through fw stat. IPS stat only shows me that it is enabled and the signature update number which doesn't help for my use case. Is there a way to see when IPS or Threat Prevention policy was installed last? Thanks!
There is in an easy way:
# fw stat -b AMW

This is the information from cpview:

So to compare, the fw stat -b AMW shows the "Threat Prevention Policy Install Time", but in cpview you see the Online Updates of the services updating automatically.
There is not something like "IPS Policy" as you call it. IPS Signatures are applied via Threat Prevent Policy, but Core-Protections and Inspection-Setttings are applied via Access Policy. So both are relevant for you!
You can check this in installation history under Threat Tools in Threat Prevention policy.
Thanks for the reply. I should've mentioned I need a way to verify this from the gateway.
Why?
The Check Point way is to use the centralized management for that.
MGMT also has this with REST API.
Think of it as a troubleshooting/trust but verify step ![]()
Exactly! I need a way to verify outside of the management what policy is running on the gateway.
If it is the Check Point way, then why did Check Point build a command to view the firewall policy name and install time into the gateway?
It looks like cpstat will show this.
However, on my gateway (R80.10), the "update time" is N/A...

I also checked with cpstat -f ips blades (which should theoretically also show it) but I get an error on my system.
Maybe it works for you, though?
My gateway shows the same behavior, NA in CPVIEW and cpstat -f ips blades gives me an invalid flavour error. Works if I do cpstat -f fw blades but for some reason doesn't recognize the ips flavour.
'ips stat' will also show the IPS version installed on the gateway.
When I run ips stat it only shows me that IPS is enabled and the signature being used. No timestamp of install time
Correct. Like I mentioned before, it will show the IPS version, which you could match to management.
So the problem is this shows me the current version of the signature database. I need to see the last time the policy was installed. So for example, if I go make a change within my IPS policy, say setting a signature from detect to prevent, or even changing the complete profile from strict to optimized it still shows me the same IPS signature database version. I need a way to show when the last policy was installed. I know it seems overly picky but I need to be able to show a reference for the IPS policy was last installed.
I understand what you are trying to do. While I agree with others that SmartConsole would be best for getting this data or using the API to track this, I get there should be a way from the CLI. This is in no way an approved or verified method and please use at your own risk. The following command seems to return the date/time of the last IPS install.
ls -l /var/opt/CPsuite-R80/fw1/state/<gw_or_cluster_name>/AMW/* | grep IPS | awk '{print $6" "$7" "$8}'
There is in an easy way:
# fw stat -b AMW

This is the information from cpview:

So to compare, the fw stat -b AMW shows the "Threat Prevention Policy Install Time", but in cpview you see the Online Updates of the services updating automatically.
There is not something like "IPS Policy" as you call it. IPS Signatures are applied via Threat Prevent Policy, but Core-Protections and Inspection-Setttings are applied via Access Policy. So both are relevant for you!
Hi Norbert,
Thanks for the reply, that was exactly what I needed! Just tested it out and it shows the Threat Prevention policy install separate from the Firewall policy install.
Hi All.
Please advise do I need read/write account to run such command or I could do it with read-only?
Thank you.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 68 | |
| 23 | |
| 7 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY