tedd123
Explorer

Smartconsole


Hi, I am new to Check Point SmartConsole and sometimes I have to create some policies (source, destination and port number). My question is: can we check if the policy is working on the SmartConsole CLI, like FortiGate diagnose debug?

Thanks for your help.

 

0 Kudos
1 Solution

Accepted Solutions

If you want to check which policy is installed and the time it was installed use one of the following commands on the Security Gateway:

For Access Control Policy

fw stat

cpstat fw 

cpstat fw -f <relevant flag>

 

For Threat Prevention Policy

fw stat -b AMW


0 Kudos
7 Replies
PhoneBoy
Admin

The SmartConsole CLI is not going to tell you what policy is currently running on a gateway right now.
And in any case, no policy changes you do in SmartConsole will impact gateways until you explicitly push the policy to them.
Something like the following might be useful to see what the gateway says its policy is: https://community.checkpoint.com/t5/General-Topics/Show-Ruleset-and-Objects-on-the-Gateway-Emergency...

0 Kudos

tedd123
Explorer

Hi Tal,

I am new to the Check Point stuff; I am more of a FortiGate expert. My new job allows me to access only SmartConsole, the same as FortiManager (create policy and push to the FortiGate).

I have limited access to the physical hardware you mention (Security Gateway). My question is: can we do a ping option, source IP to destination IP, in SmartConsole to confirm that the policy is working fine?

Thanks

 

 

0 Kudos
PhoneBoy
Admin

Note that without any sort of CLI access to the Security Gateway, your troubleshooting capabilities will be very limited.
The SmartConsole CLI only allows you to access the management API.

Seeing as we drop all packets with IP Options enabled by default, you cannot use that to test the policy.
However, I think you'll be able to find the information you're looking for in SmartConsole.
Go to Gateways and Servers and click on the relevant gateway object.
Then find the Device and License information below:

image.png

From the resulting window, you should be able to find what policy is installed.

0 Kudos
tedd123
Explorer

Thanks PhoneBoy,

I will try to get access to the hardware device, so that I can learn the way of troubleshooting at the CLI level, like:

ping

traceroute

details about the routing table path

etc.

 

0 Kudos
Sorin_Gogean
Advisor

Hey,

Just as an idea, you can run some scripts (CLI) from SmartConsole towards the cluster or an individual member.

By doing that, you will not have to SSH to the GW and do other steps.

(Right-click on the cluster/GW and choose Scripts [top option].)

 

ty,

0 Kudos
tedd123
Explorer

Thanks

0 Kudos