
Need Command-To Trace CMA IP using Gateway CLI


Hi Experts

I've a query to get the Management server IP from the Check Point gateway CLI. I'm currently working in a setup which is very big, and every time we used to trace the network path for the firewall from the user IP address or by using Splunk.

As I don't have permission to access the database which maps each firewall to its management server IP address, I've to rely on my seniors to check the database for the relevant Management server IP address.

Is there any command from the gateway/firewall CLI to check the relevant Management server IP address that it's been associated to? fw stat shows the policy name, not the CMA IP.

Thanks in advance.

Regards

Srinivasan

0 Kudos
1 Solution

Accepted Solutions
Admin
Admin

Re: Need Command-To Trace CMA IP using Gateway CLI


There are a few possibilities:

1. cplic print, which will show what licenses are installed on the gateway. In many cases, the IP listed is the management IP.

2. Look at $CPDIR/log/cpd.elg.* and see if there are any messages.

3. Check netstat -an | grep 18192 and see what IP is connected to the gateway.

6 Replies
Ni_c
Nickel

Re: Need Command-To Trace CMA IP using Gateway CLI


Try cat $FWDIR/conf/master file if you have access to expert mode of a firewall. It will give you info of management center and log server. 

0 Kudos

Re: Need Command-To Trace CMA IP using Gateway CLI


Hi, I'm not getting the management server IP. Please advise.

[Expert@Hostname]# cat $FWDIR/conf/masters
[Policy]
usaaucx01-EMEA
usamesx01-EMEA
[Log]
usamesx01-EMEA
[Alert]
usamesx01-EMEA
[Backup]
usamesx01-EMEA

0 Kudos

Re: Need Command-To Trace CMA IP using Gateway CLI


cplic print will most likely point to the Multi Domain Server and not the individual CMA.

0 Kudos

Re: Need Command-To Trace CMA IP using Gateway CLI


Hi Mate

Thanks. I got CMA IP by implementing netstat command.

[Expert@Hostname]# netstat -an | grep 18192
tcp 0 0 0.0.0.0:18192 0.0.0.0:* LISTEN
tcp 0 0 172.16.10.1:18192  172.31.24.16:60243 ESTABLISHED

0 Kudos
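The netstat check used in the replies above, wrapped as a small filter (an added example, not part of any poster's reply). The function names mgmt_peers and sample_netstat are hypothetical, and every sample line beyond the two shown in the thread is constructed; a peer listed here is only a candidate and still has to be confirmed as the CMA.

```shell
#!/bin/sh
# Added example: list the remote peers that hold an ESTABLISHED TCP session
# to local port 18192 (the port checked in the thread), from `netstat -an`.

# mgmt_peers [port]: read netstat -an lines on stdin, print unique remote IPs.
mgmt_peers() {
    awk -v port="${1:-18192}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Field 4 is the local addr:port, field 5 the remote addr:port.
            n = split($4, l, ":")
            if (l[n] != port) next          # only sessions TO the gateway port
            ip = $5
            sub(/:[0-9]+$/, "", ip)         # strip the ephemeral remote port
            if (!seen[ip]++) print ip       # de-duplicate parallel sessions
        }'
}

# Constructed sample: the first two lines are the ones shown in the thread,
# the rest are made up to exercise the filter.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:18192 0.0.0.0:* LISTEN
tcp 0 0 172.16.10.1:18192  172.31.24.16:60243 ESTABLISHED
tcp 0 0 172.16.10.1:18192 172.31.24.16:60244 ESTABLISHED
tcp 0 0 172.16.10.1:22 10.0.0.5:51000 ESTABLISHED
tcp 0 0 172.16.10.1:40000 172.31.24.99:18192 ESTABLISHED
EOF
}

case "${1:-}" in
    --live) netstat -an | mgmt_peers ;;      # on the gateway, in expert mode
    *)      sample_netstat | mgmt_peers ;;   # offline run on the sample
esac
```

The last sample line is skipped on purpose: 18192 is the remote port there, so that session was opened by the gateway rather than to it.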

Re: Need Command-To Trace CMA IP using Gateway CLI


On a more generic level I find it ... disturbing that there seems to be no design available for the Check Point Management Infrastructure.

If a customer would ask me this I would recommend they fix the organisational problem, as the technical answer is merely a workaround for an organisational problem.

0 Kudos