最近在学习checkpoint,可能陆续会有相关的文章贴上来和大家分享,请各位多多指点哦。
这里先贴上CLI Tools的学习笔记,讲的不对的地方请大家不吝赐教。
先介绍下CLI tools, CLI是Command Line Interface的缩写说白了CLI tools 就是checkpoint为系统管理员提供的命令行管理界面及一些命令。跟linux text界面的概念是一回事。
下面是相关命令介绍,附件有checkpoint expert mode CLI命令介绍的pdf文档,记得下载哦。
1.系统配置命令: sysconfig
登录checkpoint 命令行界面后之后在命令行中输入sysconfig,系统将进入以下界面
可以选择相应的选项做相关的配置。这些配置在web管理界面都是可以做的,这里就不详细介绍了。
2.进入专家模式:expert
登录checkpoint firewall之后在命令行中输入expert,输入expert密码,进入专家模式
进入专家模式后可使用如下命令:
- tcpdum -i eth0
- tcpdump命令选项:
- Usage: tcpdump [-adeflnNOpqRStuvxX] [ -c count ] [ -C file_size ]
- [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ]
- [ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ expression ]
- fw unloadlocal
- unload current policy on the gateway,and sets the gateway to the default policy。
- fw stat
- the policy name will be displayed。
- fw ver
- the gateway version is displayed。
- fw --help
- 命令行帮助
- [Expert@firewall]# fw --help
- Unknown command "--help"
- Usage:
- fw ver [-h] ... # Display version
- fw kill [-sig_no] procname # Send signal to a daemon
- fw putkey ... # Client server keys
- fw sam ... # Control sam server
- fw sam_policy ... # SAM policy editor
- fw fetch targets # Fetch last policy
- fw amw fetch # Fetch Anti Malware policy
- fw tab [-h] ... # Kernel tables content
- fw monitor [-h] ... # Monitor ×××-1/FW-1 traffic
- fw ctl [args] # Control kernel
- fw lichosts # Display protected hosts
- fw log [-h] ... # Display logs
- fw logswitch [-h target] [+|-][oldlog] # Create a new log file;
- # the old log is moved
- fw repairlog ... # Log index recreation
- fw mergefiles ... # log files merger
- fw lslogs ... # Remote machine log file list
- fw fetchlogs ... # Fetch logs from a remote host
- netstat -rn displays the routting table
- ifconfig 接口配置命令,具体看ifconfig -h
- cpstop 停止服务
- cpstart 开启服务
- cprestart 重启服务
- adduser username To add the administrator
- deluser username To delete the administrator
- showusers show all user
- backup -f yourname_backup 创建备份 备份存储路径:/var/CPbackup/backups
- restore -f backupfilename 还原备份 必须在备份目录下
转载于:https://blog.51cto.com/centilinux/1008367