Common Check Point Commands (ccc)

Christopher_Ta1 · ‎2018-04-16

What cli command to show all installed policy and also ips policy.

XBensemhoun · ‎2018-04-16

Hi, you can use

cpstat fw

in order to find what policy package is installed on a Security Gateway.

For IPS, you'll have to use

ips stat

in order to check the ips status (active profile, update version, ...)

You can find such commands and lot more in the specific Admin Guide or on the CLI Reference Guide

Information Security enthusiast, CISSP, CCSP

Christopher_Ta1 · ‎2018-04-16

I mean, show/list all the firewall policy not the install policy package

Danny · ‎2018-04-16

You want to see all the rules that are installed on the local gateway, right? This is possible starting from R80.10. https://community.checkpoint.com/people/dwelccfe6e688-522c-305c-adaa-194bd7a7becc mentioned the file that contains all the rules a while ago. Let me check and get back to your shortly.

PhoneBoy · ‎2018-04-17

I don't remember saying that, but then again, I've probably forgotten more than I remember about Check Point

You can look in $FWDIR/state/local/FW1 on the gateway...where you'll find all kinds of stuff.

kamran_shabir · ‎2019-07-29

On R80.10, you can not see Active IPS profile by using command " ips stat " , use following command

# cat $FWDIR/state/local/AMW/local.set | grep -A15 malware_profiles | grep ":name" | awk '{print $2}' | tr -d "()"

Danny · ‎2018-04-16

Instead of looking for specific commands, you could also install our

script and have them always available by entering: ccc

JozkoMrkvicka · ‎2018-04-17

fw stat

for policy status.

Kind regards,
Jozko Mrkvicka

David_Azoulay · ‎2018-12-03

the following command will give you TP policy status:

fw stat -b AMW

CLI command to show FW/IPS Policy