Can you explain the impact of using fwstop and cps...

Rajesh_P · ‎2019-01-23

Can u explain the impact of using fwstop and cpstop ?

Matt_Ricketts · ‎2019-01-23

I haven't ever issued the command 'fw stop' but I can tell you that 'cp stop' will stop all of the Check Point processes and daemons. I have done 'ev stop' many times before, so I would have to guess that 'fw stop' will stop the Firewall processes while leaving the others running.

Basically, the impact of either command will stop the inspecting and passing of traffic on a security gateway. On a management server, 'fw stop' should have no impact since there are no Firewall services running there.

Rajesh_P · ‎2019-01-24

Ok. thanks.. i am wondering for SIC reset the complete firewall services will be stopped right ? So Sic reset becomes random for sites, whether the network also will go down while 'cp stop' comes into picture automatically followed by sic resets ?

G_W_Albrecht · ‎2019-01-24

See sk86521: Reset SIC without restarting the firewall process - on SMB, you have to use cpstop / cpstart (or test if fw_configload also does the job...).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

G_W_Albrecht · ‎2019-01-24

[Expert@GW_80.20:0]# fwstop
VPN-1 & FireWall-1 was not stopped.
Run cpstop to stop all Check Point products.

/opt/CPsuite-R80.20/fw1/bin/fwstop

# Usage: fwstop -f [-proc | -default | -driver | -all]
#
# -f: needed in order to run fwstop, otherwise will not run
# -default: does not uninstall the kernel, instead loads default filter
# -proc: kill only user-mode processes
#
# in Linux:
# by default the kernel module is not unloaded. -driver unloads it.
# this is not supported. use at your own risk 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Rajesh_P · ‎2019-01-24

thats great. so fw stop wont stop traffic procesing. r u able to pass traffic after executing fw stop. And on what scenario we wil do this ?

AlekseiShelepov · ‎2019-01-24

fwstop command should stop firewall module ("VPN-1 & FireWall-1"). It means that traffic will not be passed through a gateway. You might use it when you have a standalone environment and want to stop only firewall, but not management part.

cpstop command stops all Check Point processes on a device.

G_W_Albrecht · ‎2019-01-24

That is not fully true as you can read in the fwstop script - issuing "fwstop" will just display a message that explains you have to use it with parameters that guide what it really does only 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

G_W_Albrecht · ‎2019-01-24

I have to stress the point that the syntax is fwstop / cpstop 😉

As i wrote fwstop will kill processes and unload drivers. You can learnabout it in detail by studying this script. The same istrue of cpstart - /pfrm2.0/opt/fw1/bin/cpstart is a commented script that calls commands and other scripts.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

PhoneBoy · ‎2019-01-26

fwstop is a legacy command that predates FireWall-1 NG (R5x).

In general, you should use cpstop, which does the following:

Does an orderly shutdown of all Check Point-related processes
Disables IP Forwarding
Unloads the Access Control and Threat Prevention policies from the kernel module

Rajesh_P · ‎2019-01-26

thats cool.

Are you a member of CheckMates?

Can you explain the impact of using fwstop and cpstop ?