This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SriNarasimha005
Collaborator
‎2018-03-03 03:26 AM
Jump to solution

Need Command-To Trace CMA IP using Gateway CLI

Hi Experts

 I've a query to get the Management server IP from Checkpoint gateway CLI. I'm currently working in an setup which is very big and every time we used to trace the network path for the firewall from user IP address or by using Splunk.

 

As i don't have permission to access the database which consists of the relevant  firewall to it's management server IP address , I've to rely on my seniors to check the database for the relevant Management server IP address.

Is there any command from the gateway/firewall CLI to check the relevant Management server IP address that's been associated to.  fw stat shows the policy name, not the CMA IP.

Thanks in advance.

Regards

Srinivasan

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2018-03-03 10:21 PM
Jump to solution

There's a few possibilities:

1. cplic print, which will show what licenses are installed on the gateway. In many cases, the IP listed is the management IP.

2. Look at $CPDIR/log/cpd.elg.* and see if there are any messages.

3. Check netstat -an | grep 18192 and see what IP is connected to the gateway.

View solution in original post

6 Replies
Ni_c
Contributor
‎2018-03-03 01:45 PM
Jump to solution

Try cat $FWDIR/conf/master file if you have access to expert mode of a firewall. It will give you info of management center and log server. 

0 Kudos
SriNarasimha005
Collaborator
‎2018-03-03 08:32 PM
In response to Ni_c
Jump to solution

Hi, i'm not getting management server IP. Please advise.

[Expert@Hostname]# cat $FWDIR/conf/masters
[Policy]
usaaucx01-EMEA
usamesx01-EMEA
[Log]
usamesx01-EMEA
[Alert]
usamesx01-EMEA
[Backup]
usamesx01-EMEA

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-03 10:21 PM
Jump to solution

There's a few possibilities:

1. cplic print, which will show what licenses are installed on the gateway. In many cases, the IP listed is the management IP.

2. Look at $CPDIR/log/cpd.elg.* and see if there are any messages.

3. Check netstat -an | grep 18192 and see what IP is connected to the gateway.

Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2018-03-04 11:58 PM
In response to PhoneBoy
Jump to solution

cplic print will most likely point to the Multi Domain Server and not the individual CMA.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
SriNarasimha005
Collaborator
‎2018-03-04 12:05 AM
Jump to solution

Hi Mate

Thanks. I got CMA IP by implementing netstat command.

[Expert@Hostname]# netstat -an | grep 18192
tcp 0 0 0.0.0.0:18192 0.0.0.0:* LISTEN
tcp 0 0 172.16.10.1:18192  172.31.24.16:60243 ESTABLISHED

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2018-03-05 12:03 AM
Jump to solution

On a more generic level I find it ... disturbing that there seems to be no design available for the Check Point Management Infrastructure.

If a customer would ask me this I would recommend they fix the organisational problem. As the technical answer is merely a workaround for a organisational problem.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events