cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Working with Checkpoint files

Hi All,

Could you explain me some the impartant files in $FWDIR and their usage.

since Checkpoint People always works and analyses with files..

It is good to know at least some of the impartent files and their usage.

Thanking you in Advance

5 Replies

Re: Working with Checkpoint files

Hi,

Some important directories & files of mgmt. server is listed below.

$CPDIR/conf - Contains parts of the CPShared system
    * cp.license  - license of machine
    * sic_cert.p12 - SIC certificate
$FWDIR/lib - .def files which are used when the rulebase is complied into inspection code for Enforcement points.
$FWDIR/conf - the rule base and the rest of the security policy can be found here.
    * rulebases_5_0.fws - Contains rulebases and duplicate in *.w files
    * objects_5.0.C - Contains all the objects. objects.C is created when sent to the Enforcement Points
$FWDIR/conf/fwauth.* - User Database, main file being fwauth.NDB
$FWDIR/conf/masters - Defines the local log definition in Dashboard
$FWDIR/database/fwauth.* - User Datbase, main file being fwauth.NDB
$FWDIR/log - Logs

$FWDIR/bin/upgrade_tools  - You can do upgrade_export for migration of mgmt. server

Enforcement Point

$CPDIR/conf - Contains parts of the CPShared system
    * cp.license  - license of machine
    * sic_cert.p12 - SIC certificate

$FWDIR/conf/discntd.if - Add interfaces you want to show as disconnected for ClusterXL.

0 Kudos
Admin
Admin

Re: Working with Checkpoint files

If R80+, rulebases_5_0.fws and objects_5_0.C are not the real true versions of this information as we use a proper database now. 

0 Kudos
Admin
Admin

Re: Working with Checkpoint files

In general, you don't manually edit any files here unless instructed by the TAC or a SecureKnowledge article.

Do we maintain a comprehensive list of these files and what they do? No.

If you're curious about a specific file, your best bet is to search SecureKnowledge.

Re: Working with Checkpoint files

Agreed ! !

Could you please explain the difference between the below directories.

/var/opt

/opt

$FWDIR

what Type of files will be residing inside theses directories.

0 Kudos

Re: Working with Checkpoint files

since Checkpoint People always works and analyses with files..

that's just not true anymore, now that we use industry databases for configuration storage, data is binary across multiple files and cannot be opened using "less" etc. Instead, you got mgmt_cli

What we still have is logs for Management processes. But those very often contain data that is only valid if you combine it with other indicators. If you find "failed" and "error" and "corrupt" in various /var/log files at Check Point machines, it is most likely a false-positive taken from Check Point engines which you don't use - so when those engines checks if they need to be activated, they get a negative answer and print data which may intimidate non-Check Point-Developers.

When you want to get files for troubleshooting, this is your resource: search the error at Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ...  and find the relevant SecureKnowledge or CheckMates article.

In addition to self-troubleshooting, you can always open support tickets for problems and this will ensure that we fix its root cause for the benefit of all of our users.