George_Ellis
Advisor

At a gateway, how do I determine what domain the gateway belongs to?

Hi folks,

MDM Environment.  How can I determine at the gateway where a policy was installed from?  Even better, how can I determine the domain the gateway and policy belong to?

I tried finding a CLI command, MIB member, and even if I could find the name in logs or certificates.  Has anyone figured this out?

TIA
George Ellis @ IHG

0 Kudos
2 Solutions

Accepted Solutions
emmap
Employee

If you want to see the primary DMS name (and secondary if you have put it in the gateway under 'Fetch Policy') and the log servers, you can cat the masters file.

[Expert@EXLGW-s01-01:0]# cat /var/opt/CPsuite-R82/fw1/conf/masters
[Policy]
MgmtName
[Log]
MgmtName
[Alert]
MgmtName

George_Ellis
Advisor

emmap's solution is even better.

cat $FWDIR/conf/masters

I got lazy and asked grok to do it faster than I could type and verify...

cat $FWDIR/conf/masters | awk '/\[Policy\]/ {flag=1; next} /\[/{flag=0} flag' | tr '\n' ' ' | xargs
cat $FWDIR/conf/masters | awk '/\[Log\]/ {flag=1; next} /\[/{flag=0} flag' | head -n 1
cat $FWDIR/conf/masters | awk '/\[Backup\]/ {flag=1; next} /\[/{flag=0} flag' | head -n 1

 


0 Kudos
10 Replies
Chris_Atkinson
Employee

You will get some clues from the following cmds:

netstat -an | grep 18192 

cpstat fw

 

 

CCSM R77/R80/ELITE
0 Kudos
George_Ellis
Advisor

Netstat works to a degree, as it lists both MDMs.  Not the preferred method, as I will have to create an if/then to assign the domain name to a variable based on the last octet.

There are multiple ways to get the policy name, either via snmpwalk or this method (which is what I use):
fw stat | awk '/localhost/ {print $2,$3}'

Bonus content:  - Get the IP of the Log server.
cpstat fw -f log_connection |grep 'Log-Server Connected' | awk '{print $1}' | sed 's/|//g'
<Reply is IP>

cpstat fw -f log_connection |grep 'Log-Server Disconnected' | awk '{print $1}' | sed 's/|//g'

<Reply is IP>

0 Kudos
the_rock
Legend

Maybe check below too.

Andy

cat $FWDIR/state/local/FW1/local.set | grep -i policy

0 Kudos
the_rock
Legend

I'm pasting what you said in the other post from a few years ago; will also try this in my R81.20 and R82 labs.

Andy

************************

Thanks guys for the directory suggestions (and the other replies)

I found the cheat code.  

cat $FWDIR/state/local/FW1/local.sic_name |grep 'o='|awk -F ,o= '{print $2}'|awk -F . '{print $NR}'

 

Background
cat local.sic_name
sic_name=cn=<fwname>,o=<domainname>..<CAthingy>

0 Kudos
the_rock
Legend

Your command is great too, just tested in my lab.

Andy


[Expert@CP-FW-01:0]# cat $FWDIR/state/local/FW1/local.sic_name |grep 'o='|awk -F ,o= '{print $2}'|awk -F . '{print $NR}'
cp-management

[Expert@CP-FW-01:0]#

0 Kudos
George_Ellis
Advisor

That is even better.  It helps with verifying other things like "is there a secondary log server" and "is the HA MDM defined".

[Policy]
MgmtName
MgmtNameHA
[Log]
MgmtMLMPrimary
[Alert]
MgmtMLMPrimary
[Backup]
MgmtMLMSecondary


 

 

0 Kudos
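
The two lookups discussed in this thread, as an added example that is not from any poster here and is not Check Point code: it parses a masters-style file by section and pulls the domain label out of the SIC name. The function names, the `DomainA` and `gw-example` values, and the temp files standing in for `$FWDIR/conf/masters` and `$FWDIR/state/local/FW1/local.sic_name` are assumptions; treating a second `[Policy]` entry as the HA management follows the post above.

```sh
#!/bin/sh
# Added example. Constructed sample files stand in for $FWDIR/conf/masters and
# $FWDIR/state/local/FW1/local.sic_name; function names are hypothetical.

# Print the entries under one [Section] of a masters-style file, one per line.
masters_section() {            # usage: masters_section FILE SECTION
    awk -v want="[$2]" '
        { sub(/\r$/, "") }                          # tolerate CRLF line ends
        /^\[.*\]$/ { in_sec = ($0 == want); next }  # a new section header
        in_sec && NF { print $1 }                   # skip blank lines
    ' "$1"
}

# One-line summary: management names, whether a second [Policy] entry exists,
# and the primary/backup log targets ("none" when a section is absent).
masters_report() {             # usage: masters_report FILE
    policy=$(masters_section "$1" Policy | paste -sd, -)
    log=$(masters_section "$1" Log | paste -sd, -)
    backup=$(masters_section "$1" Backup | paste -sd, -)
    case $policy in *,*) ha=yes ;; *) ha=no ;; esac
    printf 'policy=%s ha_mgmt=%s log=%s backup_log=%s\n' \
        "${policy:-none}" "$ha" "${log:-none}" "${backup:-none}"
}

# First dot-separated label of the o= component of the SIC name.
sic_domain() {                 # usage: sic_domain FILE
    sed -n 's/.*,[oO]=\([^.,]*\).*/\1/p' "$1" | head -n 1
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/masters" <<'EOF'
[Policy]
MgmtName
MgmtNameHA
[Log]
MgmtMLMPrimary
[Alert]
MgmtMLMPrimary
[Backup]
MgmtMLMSecondary
EOF
printf 'sic_name=cn=gw-example,o=DomainA..abc123\n' > "$demo/local.sic_name"

masters_report "$demo/masters"
echo "sic_domain=$(sic_domain "$demo/local.sic_name")"
```

On a gateway, pass the real file paths to the functions in place of the temp files.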
George_Ellis
Advisor

BONUS TIME.

We are worldwide with 13 CMAs.  There is some mismatch of which firewalls are in which domain.  So I am in the CLI and need to go to the SmartConsole CMA.  If I don't remember where it resides, go to the MDM SC, click on GATEWAYS and SERVERS, look it up.

Oh, this is easy
"cat $FWDIR/conf/masters"

Ah, so open that CMA.
