This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Matlu
MVP Silver
MVP Silver
‎2023-08-07 10:03 AM
Jump to solution

CLI diagnostic commands

Hello, everybody.

A question, is there any command in the CLI of my GW, that helps me with the NAT?

I mean, I have services that we publish to the Internet, which is using NAT (So they can access from the Internet), but we want a command to help us to see the translations from the CLI.

Is this possible?


In addition to this, we are starting to use the command
"fw tab -t connections -s" command, in order to be able to check the current and active connections through the GW.

FWA.png

But we have a doubt, is the PEAK column, the one that "tells" us how many connections there are through the GW?
Or is it some other column?

Thanks and greetings.

 
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 11:10 PM
Jump to solution

As the name implies, #VALS shows current number, #PEAK the peak number (since last reboot ?)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

7 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-08-07 03:45 PM
Jump to solution

You can check via show configuration or show nat-rules

Best,
Andy
0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-08-07 04:46 PM
In response to the_rock
Jump to solution

Bro,

But is there any command that tells me the NAT list that the GW is translating?

In cisco there is a command like "show ip nat translation", that helps to see the translation in real time.

In Checkpoint, is there this option?

Greetings.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-07 04:55 PM
In response to Matlu
Jump to solution

Will check tomorrow, not 100% sure.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-07 07:32 PM
In response to Matlu
Jump to solution

Hey bro,

Found below, but not sure if its useful to you.

Andy

Btw, I checked config for nat, but no such command on CP, similar to what you showed in Cisco.

https://community.checkpoint.com/t5/Management/What-is-the-command-to-check-NAT-from-CLI-of-CheckPoi...

https://community.checkpoint.com/t5/Security-Gateways/NAT-Rules-and-fw-tab/td-p/16398

 

Best,
Andy
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 11:08 PM
In response to the_rock
Jump to solution

show configuration does not list anything about NAT and show nat-rules does not exist on my R81.10. cpview shows the NATed connections:

nat.png

But that is not what the user wants to see, i fear!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-08 05:25 AM
In response to G_W_Albrecht
Jump to solution

Yes sir Guenther, agree 100% 🙂

Best,
Andy
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 11:10 PM
Jump to solution

As the name implies, #VALS shows current number, #PEAK the peak number (since last reboot ?)

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events