This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pavan9096
Explorer
‎2024-12-06 02:58 AM

CheckPoint Gateway HitCount

I can run the API/command on the Check Point Management Server to retrieve the hit counts for security rules, but it provides the aggregate hit counts for all gateways on which security policy applied rather than specific ones.

Is there a command, API, or method available to collect the security rule hit counts directly from a local gateway instead of through the Management Server?

0 Kudos
4 Replies
the_rock
Legend
Legend
‎2024-12-06 06:27 AM

Maybe this?

Andy

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#clish/show-access-rule~v2%20

0 Kudos
CheckMatesAI
Bot
‎2024-12-06 06:32 AM

This answer is provided by Infinity AI Copilot and should be confirmed by reviewing official documentation in Support Center.

Currently, there isn't a direct command or API to retrieve security rule hit counts directly from a local gateway. The hit counts are typically aggregated and retrieved through the Check Point Management Server.

However, you can use the cpstat command on the Management Server to get hit counts for a specific Security Gateway and save it to a file. Here's how you can do it:

  1. Connect to the command line on the Management Server.
  2. Log in to the Expert mode.
  3. Use the following command to get the hit count for a specific Security Gateway:
    cpstat -h <IP Address of Security Gateway Object> blades > /var/log/HitCount_for_GW.txt
    Replace <IP Address of Security Gateway Object> with the actual IP address of your Security Gateway.

This method allows you to export the hit count data for a specific gateway, but it still requires access through the Management Server. If you need further assistance or have any other questions, feel free to ask!

0 Kudos
PhoneBoy
Admin
Admin
‎2024-12-06 06:35 AM
In response to CheckMatesAI

To confirm the answer by CheckMatesAI, see: https://support.checkpoint.com/results/sk/sk135212

0 Kudos
the_rock
Legend
Legend
‎2024-12-06 06:39 AM
In response to PhoneBoy

@PhoneBoy 

Not sure if this looks right (just did it in my lab), but seems some info is missing...

Andy

 

[Expert@CP-MANAGEMENT:0]# cpstat -h 172.16.10.249 blades > /var/log/hitcount_for_gw.txt
[Expert@CP-MANAGEMENT:0]# more /var/log/hitcount_for_gw.txt

Packets accepted : 44090826
Packets dropped : 13516
Peak number of connections: 1019
Number of connections: 7


Top Rule Hits
-----------------------
|rule index|rule count|
-----------------------
-----------------------


[Expert@CP-MANAGEMENT:0]#

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events