This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tedd123
Explorer
‎2022-10-05 04:31 AM
Jump to solution

Smartconsole

Hi am new in checkpoint  smartconsole  and sometime I have to create some policies (source destination and port number) .My question is can we check if the policy is working on smartconsole cli like fortigate  diagnose debug .

 

Thanks for you help.

 

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2022-10-05 06:54 AM
Jump to solution

If you want to check which policy is installed and the time it was installed use one of the following commands on the Security Gateway:

For Access Control Policy

fw stat

cpstat fw 

cpstat fw -f <relevant flag>

 

For Threat Prevention Policy

fw stat -b AMW

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2022-10-05 05:58 AM
Jump to solution

The SmartConsole CLI is not going to tell you what policy is currently running on a gateway right now.
And in any case, no policy changes you do in SmartConsole will impact gateways until you explicitly push the policy to them.
Something like the following might be useful to see what the gateway says it’s policy is: https://community.checkpoint.com/t5/General-Topics/Show-Ruleset-and-Objects-on-the-Gateway-Emergency...

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2022-10-05 06:54 AM
Jump to solution

If you want to check which policy is installed and the time it was installed use one of the following commands on the Security Gateway:

For Access Control Policy

fw stat

cpstat fw 

cpstat fw -f <relevant flag>

 

For Threat Prevention Policy

fw stat -b AMW

0 Kudos
tedd123
Explorer
‎2022-10-05 10:32 AM
In response to Tal_Paz-Fridman
Jump to solution

Hi Tal ,

Am new with the checkpoint stuff am more fortigate expert. My new job allow me only to access  the smartconsole same as fortimanager  (create policy and push to the fortigate)

Am limited access on the physical hardware as you mention (security gateway) my question is can we do a ping option source ip to destination ip on the smartconsole to confirm if the policy is working fine.

Thanks

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-05 06:35 PM
In response to tedd123
Jump to solution

Note that without any sort of CLI access to the Security Gateway, your troubleshooting capabilities will be very limited.
The SmartConsole CLI only allows you to access the management API.

Seeing as we drop all packets with IP Options enabled by default, you cannot use that to test the policy.
However, I think you'll be able to find the information you're looking for in SmartConsole.
Go to Gateways and Servers and click on the relevant gateway object.
Then find the Device and License information below:

image.png

From the resulting window, you should be able to find what policy is installed.

0 Kudos
tedd123
Explorer
‎2022-10-06 05:16 AM
In response to PhoneBoy
Jump to solution

Thanks PhoneBoy,

I will try to get access on the hardware device, so that i can learn the way of troubleshooting level on cli like

Ping 

traceroute 

details about routing table path .

etc...

 

0 Kudos
Sorin_Gogean
Advisor
‎2022-10-06 05:26 AM
In response to tedd123
Jump to solution

hey,

 

just as an idea, you can run some scripts (CLI) from SmartConsole towards the Cluster or individual member.

by doing that you will not have to SSH to the GW and do other steps.

(right-click on cluster/gw and choose Scripts [top option])

 

ty,

0 Kudos
tedd123
Explorer
‎2022-10-06 05:09 AM
In response to Tal_Paz-Fridman
Jump to solution

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events