Hey guys,
This script provides general config, health indicators, and also best-practice recommendations for Gaia OS. As usual, please run dos2unix and chmod 777 before testing it.
My lab output:
[Expert@CP-GW:0]# ./cp_bestpractice_audit.sh
--------------------------------------------------------------------------------
Check Point Gaia Best-Practice Audit (Read-Only)
--------------------------------------------------------------------------------
Timestamp: Tue Jan 20 08:12:12 EST 2026
Host: CP-GW
Report: /var/log/cp_bestpractice_audit_20260120_081212.txt
--------------------------------------------------------------------------------
1) Platform / Version
--------------------------------------------------------------------------------
[CMD] Gaia & product version
clish -c "show version all"
----- OUTPUT BEGIN -----
Product version Check Point Gaia R82
OS build 777
OS kernel version 4.18.0-372.9.1cpx86_64
OS edition 64-bit
----- OUTPUT END -------
[CMD] Hostname / domain
clish -c "show hostname"; clish -c "show domainname"
----- OUTPUT BEGIN -----
CP-GW
----- OUTPUT END -------
[CMD] Check Point services state (cpwd)
have cpwd_admin && cpwd_admin list || echo "cpwd_admin not available"
----- OUTPUT BEGIN -----
bash: have: command not found
cpwd_admin not available
----- OUTPUT END -------
[CMD] Installed policy status (cpstat fw)
have cpstat && cpstat fw || echo "cpstat not available"
----- OUTPUT BEGIN -----
bash: have: command not found
cpstat not available
----- OUTPUT END -------
[CMD] Policy install details (fw stat -l)
have fw && fw stat -l || echo "fw command not available"
----- OUTPUT BEGIN -----
bash: have: command not found
fw command not available
----- OUTPUT END -------
--------------------------------------------------------------------------------
2) Time, Timezone, NTP (Best Practice: enable NTP)
--------------------------------------------------------------------------------
[CMD] Current time / timezone
clish -c "show time"; clish -c "show timezone"
----- OUTPUT BEGIN -----
Time 08:12:15
Time Zone: Canada/Eastern (GMT -05:00)
----- OUTPUT END -------
No
[WARN] NTP may be disabled or not configured. Best practice: enable NTP and define reliable servers.
[CMD] NTP servers
clish -c "show ntp servers"
----- OUTPUT BEGIN -----
IP Address Type Version Preferred
ntp2.checkpoint.com server 4 no
ntp.checkpoint.com server 4 yes
----- OUTPUT END -------
--------------------------------------------------------------------------------
3) DNS & Management Plane Exposure
--------------------------------------------------------------------------------
[CMD] DNS configuration
clish -c "show dns primary"; clish -c "show dns secondary"; clish -c "show dns tertiary" 2>/dev/null || true
----- OUTPUT BEGIN -----
8.8.8.8
8.8.4.4
1.1.1.1
----- OUTPUT END -------
[CMD] Management interface
clish -c "show management interface"
----- OUTPUT BEGIN -----
eth0
----- OUTPUT END -------
[CMD] Allowed management clients (best practice: restrict)
clish -c "show allowed-client all"
----- OUTPUT BEGIN -----
Type Address Mask Length
Host Any
----- OUTPUT END -------
--------------------------------------------------------------------------------
4) SSH Hardening Indicators (Read-Only)
--------------------------------------------------------------------------------
[CMD] SSHD effective indicators (sshd_config)
egrep -n '^(Port|Protocol|PermitRootLogin|PasswordAuthentication|PubkeyAuthentication|AllowUsers|AllowGroups|ClientAliveInterval|ClientAliveCountMax|MaxAuthTries|LoginGraceTime)\b' '/etc/ssh/sshd_config' || true
----- OUTPUT BEGIN -----
157:PermitRootLogin yes
158:PasswordAuthentication yes
166:PasswordAuthentication no
167:PermitRootLogin no
168:ClientAliveInterval 0
----- OUTPUT END -------
[PASS] PermitRootLogin is set to 'no' (good).
[PASS] PasswordAuthentication is 'no' (keys-only) (good).
[INFO] SSH Port detected: 22 (default or not set)
--------------------------------------------------------------------------------
5) Password Policy Reminder (Gaia)
--------------------------------------------------------------------------------
[INFO] Best practice: enforce strong password policy (complexity, reuse history, expiration, lockout for unused accounts). Review in Gaia settings.
--------------------------------------------------------------------------------
6) Cluster / HA (if applicable)
--------------------------------------------------------------------------------
[CMD] ClusterXL status
cphaprob stat
----- OUTPUT BEGIN -----
HA module not started.
This gateway not configured as cluster
----- OUTPUT END -------
[CMD] Cluster sync status
cphaprob syncstat
----- OUTPUT BEGIN -----
HA module not configured.
----- OUTPUT END -------
--------------------------------------------------------------------------------
7) Kernel & Connections Snapshot (fw ctl pstat)
--------------------------------------------------------------------------------
[CMD] Kernel stats snapshot (fw ctl pstat)
fw ctl pstat
----- OUTPUT BEGIN -----
Virtual System Capacity Summary:
Physical memory used: 26% (3464 MB out of 13059 MB) - below watermark
Kernel memory used: 4% (573 MB out of 13059 MB) - below watermark
Virtual memory used: 22% (2884 MB out of 13059 MB) - below watermark
Used: 2884 MB by FW, 1152 MB by zeco
Concurrent Connections: 14 (Unlimited)
Aggressive Aging is enabled, not active
Kernel memory (kmem) statistics:
Total memory bytes used: 1778063177 peak: 2763745049
Allocations: 2759444115 alloc, 0 failed alloc
2755672734 free, 0 failed free
Cookies:
648157456 total, 0 alloc, 0 free,
336716 dup, 2542067965 get, 628128954 put,
1934007092 len, 2820787651 cached len, 0 chain alloc,
0 chain free
Connections:
235855 total, 177058 TCP, 58784 UDP, 13 ICMP,
0 other, 0 anticipated, 1 recovered, 14 concurrent,
523 peak concurrent
Fragments:
0 fragments, 0 packets, 0 expired, 0 short,
0 large, 0 duplicates, 0 failures
NAT:
311914901/0 forw, 316213228/0 bckw, 628126039 tcpudp,
2090 icmp, 219227-219220 alloc
Sync: Run "cphaprob syncstat" for cluster sync statistics.
----- OUTPUT END -------
[CMD] CoreXL dispatcher stats (if supported) (fw ctl pstat -c)
fw ctl pstat -c 2>/dev/null || echo "Not supported on this version / build"
----- OUTPUT BEGIN -----
Virtual System Capacity Summary:
Physical memory used: 26% (3464 MB out of 13059 MB) - below watermark
Kernel memory used: 4% (573 MB out of 13059 MB) - below watermark
Virtual memory used: 22% (2884 MB out of 13059 MB) - below watermark
Used: 2884 MB by FW, 1152 MB by zeco
Concurrent Connections: 16 (Unlimited)
Aggressive Aging is enabled, not active
Kernel memory (kmem) statistics:
Total memory bytes used: 1778150073 peak: 2763745049
Allocations: 2759454674 alloc, 0 failed alloc
2755682833 free, 0 failed free
Cookies:
648158050 total, 0 alloc, 0 free,
336720 dup, 2542070268 get, 628129519 put,
1934008874 len, 2820790241 cached len, 0 chain alloc,
0 chain free
Connections:
235857 total, 177060 TCP, 58784 UDP, 13 ICMP,
0 other, 0 anticipated, 1 recovered, 16 concurrent,
523 peak concurrent
Fragments:
0 fragments, 0 packets, 0 expired, 0 short,
0 large, 0 duplicates, 0 failures
NAT:
311915186/0 forw, 316213508/0 bckw, 628126604 tcpudp,
2090 icmp, 219229-219220 alloc
fwmultik dispatch reason:
not selected: 18446625743128520813
arbitray: 0
conn: 0
multik tag: 0
sxl tag: 0
param: 0
INSTANCE 2:
multik_forwarding: 0
fwmultik dispatch reason:
not selected: 0
arbitray: 1953325420
conn: 18446625743128520813
multik tag: 0
sxl tag: 0
param: 0
INSTANCE 3:
multik_forwarding: 0
fwmultik dispatch reason:
not selected: 0
arbitray: 0
conn: 0
multik tag: 1953325420
sxl tag: 18446625743128520813
param: 0
INSTANCE 4:
multik_forwarding: 0
fwmultik dispatch reason:
not selected: 0
arbitray: 0
conn: 0
multik tag: 0
sxl tag: 0
param: 1953325420
INSTANCE 5:
multik_forwarding: 18446625743128520813
fwmultik dispatch reason:
not selected: 0
arbitray: 0
conn: 0
multik tag: 0
sxl tag: 0
param: 0
Sync: Run "cphaprob syncstat" for cluster sync statistics.
----- OUTPUT END -------
--------------------------------------------------------------------------------
8) Logging / Log Server Indicators (basic)
--------------------------------------------------------------------------------
[CMD] Log server performance (if log server enabled) (cpstat mg -f log_server)
cpstat mg -f log_server 2>/dev/null || echo "Not available / not a log server"
----- OUTPUT BEGIN -----
Not available / not a log server
----- OUTPUT END -------
[CMD] Log connections (cpstat -f log_connection)
cpstat -f log_connection 2>/dev/null || echo "Not available"
----- OUTPUT BEGIN -----
Not available
----- OUTPUT END -------
--------------------------------------------------------------------------------
9) Threat Prevention Best-Practice Pointers (mostly SmartConsole-side)
--------------------------------------------------------------------------------
[INFO] Validate Threat Prevention profiles/policy, updates, and HTTPS Inspection according to Check Point Threat Prevention best practices & admin guidance.
[INFO] Docs to consult (see citations in chat response): R81 Threat Prevention Best Practices + R81.20 Threat Prevention Admin Guide.
--------------------------------------------------------------------------------
10) Optional: CPInfo Collection (heavy) - Use --cpinfo
--------------------------------------------------------------------------------
[INFO] Skipped CPInfo. Re-run with: ./cp_bestpractice_audit.sh --cpinfo (maintenance window recommended).
--------------------------------------------------------------------------------
Summary
--------------------------------------------------------------------------------
Report saved to: /var/log/cp_bestpractice_audit_20260120_081212.txt
[INFO] This script is read-only. Use SmartConsole/Gaia UI to implement changes.
Quick best-practice reminders:
- Keep software up to date and follow vendor hardening guidance.
- Restrict management access (allowed clients / admin-plane ACLs).
- Enable NTP with reliable sources.
- Prefer SSH keys; disable root login and password auth if feasible.
- Review password policy (complexity/history/expiration/lockout).
- Review Threat Prevention profiles/policy, updates, and HTTPS inspection where appropriate.
[Expert@CP-GW:0]#
Best,
Andy