Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rajesh_P
Participant

Can you explain the impact of using fwstop and cpstop ?

Can u explain the impact of using fwstop and cpstop ?

10 Replies
Matt_Ricketts
Employee
Employee

I haven't ever issued the command 'fw stop' but I can tell you that 'cp stop' will stop all of the Check Point processes and daemons. I have done 'ev stop' many times before, so I would have to guess that 'fw stop' will stop the Firewall processes while leaving the others running.

Basically, the impact of either command will stop the inspecting and passing of traffic on a security gateway. On a management server, 'fw stop' should have no impact since there are no Firewall services running there. 

Rajesh_P
Participant

Ok. thanks.. i am wondering for SIC reset the complete firewall services will be stopped right ? So Sic reset becomes random for sites, whether the network also will go down while 'cp stop' comes into picture automatically followed by sic resets ?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

See sk86521: Reset SIC without restarting the firewall process - on SMB, you have to use cpstop / cpstart (or test if  fw_configload also does the job...).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

[Expert@GW_80.20:0]# fwstop
VPN-1 & FireWall-1 was not stopped.
Run cpstop to stop all Check Point products.

/opt/CPsuite-R80.20/fw1/bin/fwstop


# Usage: fwstop -f [-proc | -default | -driver | -all]
#
# -f: needed in order to run fwstop, otherwise will not run
# -default: does not uninstall the kernel, instead loads default filter
# -proc: kill only user-mode processes
#
# in Linux:
# by default the kernel module is not unloaded. -driver unloads it.
# this is not supported. use at your own risk 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Rajesh_P
Participant

thats great. so fw stop wont stop traffic procesing. r u able to pass traffic after executing fw stop. And on what scenario we wil do this ?

0 Kudos
AlekseiShelepov
Advisor

fwstop command should stop firewall module ("VPN-1 & FireWall-1"). It means that traffic will not be passed through a gateway. You might use it when you have a standalone environment and want to stop only firewall, but not management part.

cpstop command stops all Check Point processes on a device.

G_W_Albrecht
Legend Legend
Legend

That is not fully true as you can read in the fwstop script - issuing "fwstop" will just display a message that explains you have to use it with parameters that guide what it really does only 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I have to stress the point that the syntax is fwstop / cpstop 😉

As i wrote fwstop will kill processes and unload drivers. You can learnabout it in detail by studying this script. The same istrue of cpstart - /pfrm2.0/opt/fw1/bin/cpstart  is a commented script that calls commands and other scripts.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

fwstop is a legacy command that predates FireWall-1 NG (R5x).

In general, you should use cpstop, which does the following:

  • Does an orderly shutdown of all Check Point-related processes
  • Disables IP Forwarding
  • Unloads the Access Control and Threat Prevention policies from the kernel module
Rajesh_P
Participant

thats cool.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events