Checkpoint Firewall Cheat Sheet
The basic commands used for firewall administration. These commands are used only for the Unix platform.
| Add a administrator | fwm –a |
| Delete an administrator | fwm –r |
| Display administrators list | fwm -p |
| Start the firewall | fwstart |
| Stop the firewall | fwstop |
| Long stat list | fw stat -long |
| Short stat list | fw stat -short |
| Check license details | fw checklic |
| Print current license details | fw printlic |
| Print current Firewall modules | fw printlic -p |
| Overwrite existing licenses (delete ones already installed) | fw putlic –o |
| Load license into kernel | fw putlic –k |
| Display internal hosts | fw lichosts |
| Display version number | fw ver |
| Install authenication key onto host | fw putkey |
| Display contents of the inspect table | fw tab |
| As above but short list | fw tab –s |
| Display current connections | fw tab -t
|
| Export current log file to ascii file | fw exportlog –o |
| Rotate current log file | fw logswitch |
| Kill firewall daemon | fw kill –t |
| control IP forwarding | fw ctl ip_forwarding |
| Display internal stats of Firewall | fw ctl pstat |
| Install hosts internal interfaces | fw ctl install |
| Uninstall hosts internal interfaces | fw ctl uninstall |
| Fetch security policy and install | fw fetch |
| Generate a *.pf file from a *.W file | fw gen |
| Tail the current log file | fw log -f |
| Retrieve logs between times | fw log -s |
| inhibit host (source) for number of secs | fw sam –i src |
| remove inhibit from sam database | fw sam –C -i src |
| use fw tab to view blocked connections | Note |