cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Rajesh_P
Iron

Can you explain the impact of using fwstop and cpstop ?

Can u explain the impact of using fwstop and cpstop ?

10 Replies
Employee+
Employee+

Re: Can u explain the impact of using fw stop and cp stop ?

I haven't ever issued the command 'fw stop' but I can tell you that 'cp stop' will stop all of the Check Point processes and daemons. I have done 'ev stop' many times before, so I would have to guess that 'fw stop' will stop the Firewall processes while leaving the others running.

Basically, the impact of either command will stop the inspecting and passing of traffic on a security gateway. On a management server, 'fw stop' should have no impact since there are no Firewall services running there. 

Rajesh_P
Iron

Re: Can u explain the impact of using fw stop and cp stop ?

Ok. thanks.. i am wondering for SIC reset the complete firewall services will be stopped right ? So Sic reset becomes random for sites, whether the network also will go down while 'cp stop' comes into picture automatically followed by sic resets ?

0 Kudos

Re: Can u explain the impact of using fw stop and cp stop ?

See sk86521: Reset SIC without restarting the firewall process - on SMB, you have to use cpstop / cpstart (or test if  fw_configload also does the job...).

0 Kudos

Re: Can u explain the impact of using fw stop and cp stop ?

[Expert@GW_80.20:0]# fwstop
VPN-1 & FireWall-1 was not stopped.
Run cpstop to stop all Check Point products.

/opt/CPsuite-R80.20/fw1/bin/fwstop


# Usage: fwstop -f [-proc | -default | -driver | -all]
#
# -f: needed in order to run fwstop, otherwise will not run
# -default: does not uninstall the kernel, instead loads default filter
# -proc: kill only user-mode processes
#
# in Linux:
# by default the kernel module is not unloaded. -driver unloads it.
# this is not supported. use at your own risk 😉

Rajesh_P
Iron

Re: Can u explain the impact of using fw stop and cp stop ?

thats great. so fw stop wont stop traffic procesing. r u able to pass traffic after executing fw stop. And on what scenario we wil do this ?

0 Kudos

Re: Can u explain the impact of using fw stop and cp stop ?

fwstop command should stop firewall module ("VPN-1 & FireWall-1"). It means that traffic will not be passed through a gateway. You might use it when you have a standalone environment and want to stop only firewall, but not management part.

cpstop command stops all Check Point processes on a device.

0 Kudos

Re: Can u explain the impact of using fw stop and cp stop ?

That is not fully true as you can read in the fwstop script - issuing "fwstop" will just display a message that explains you have to use it with parameters that guide what it really does only 😉

0 Kudos

Re: Can u explain the impact of using fw stop and cp stop ?

I have to stress the point that the syntax is fwstop / cpstop 😉

As i wrote fwstop will kill processes and unload drivers. You can learnabout it in detail by studying this script. The same istrue of cpstart - /pfrm2.0/opt/fw1/bin/cpstart  is a commented script that calls commands and other scripts.

0 Kudos
Admin
Admin

Re: Can you explain the impact of using fwstop and cpstop ?

fwstop is a legacy command that predates FireWall-1 NG (R5x).

In general, you should use cpstop, which does the following:

  • Does an orderly shutdown of all Check Point-related processes
  • Disables IP Forwarding
  • Unloads the Access Control and Threat Prevention policies from the kernel module
Rajesh_P
Iron

Re: Can you explain the impact of using fwstop and cpstop ?

thats cool.

0 Kudos