{"id":26,"date":"2015-04-27T08:16:00","date_gmt":"2015-04-27T06:16:00","guid":{"rendered":"https:\/\/test.n3oxid.fr\/?p=26"},"modified":"2021-04-18T21:08:00","modified_gmt":"2021-04-18T19:08:00","slug":"check-point-en-cli","status":"publish","type":"post","link":"https:\/\/www.n3oxid.fr\/?p=26","title":{"rendered":"Check Point en CLI"},"content":{"rendered":"\n

Je souhaite v\u00e9rifier l’\u00e9tat des n\u0153uds au sein de mon clusterXL :<\/p>\n\n\n\n

[Expert@node1]# cphaprob state\n\nCluster Mode:   New High Availability (Primary Up)\n with IGMP Membership\n\nNumber     Unique Address  Assigned Load   State\n\n1 (local)  1.2.3.1         100%            Active\n2          1.2.3.2         0%              Standby\n<\/pre>\n\n\n\n

Je d\u00e9sire v\u00e9rifier l’\u00e9tat des interfaces du n\u0153ud ainsi que les interfaces de mon cluster :<\/p>\n\n\n\n
[Expert@node1]# cphaprob -a if\n\nRequired interfaces: 6\nRequired secured interfaces: 2\n\neth1       UP                    non sync(non secured), broadcast\neth2       UP                    non sync(non secured), broadcast\neth3       UP                    non sync(non secured), broadcast\neth4       UP                    sync(secured), broadcast\neth6       UP                    non sync(non secured), broadcast\nMgmt       UP                    sync(secured), broadcast\n\nVirtual cluster interfaces: 5\n\neth1            192.168.4.1\neth2            192.168.3.1\neth3            192.168.2.1\neth6            192.168.1.1\nMgmt            192.168.0.1\n<\/pre>\n\n\n\n

Quel est l’\u00e9tat de l’acc\u00e9l\u00e9rateur logiciel SecureXL :<\/p>\n\n\n\n
[Expert@node1]# fwaccel stat\nAccelerator Status : on\nAccept Templates   : disabled by Firewall\n                     disabled from rule #35\nDrop Templates     : disabled\nNAT Templates      : disabled by user\nAccelerator Features : Accounting, NAT, Cryptography, Routing,\n                       HasClock, Templates, Synchronous, IdleDetection,\n                       Sequencing, TcpStateDetect, AutoExpire,\n                       DelayedNotif, TcpStateDetectV2, CPLS, WireMode,\n                       DropTemplates, NatTemplates, Streaming,\n                       MultiFW, AntiSpoofing, DoS Defender, ViolationStats,\n                       Nac, AsychronicNotif\nCryptography Features : Tunnel, UDPEncapsulation, MD5, SHA1, NULL,\n                        3DES, DES, CAST, CAST-40, AES-128, AES-256,\n                        ESP, LinkSelection, DynamicVPN, NatTraversal,\n                        EncRouting, AES-XCBC, SHA256\n<\/pre>\n\n\n\n

SecureXL \u00e9tant activ\u00e9, voyons un petit r\u00e9sum\u00e9 des statistiques :<\/p>\n\n\n\n
[Expert@node1]# fwaccel stats -s\nAccelerated conns\/Total conns : 24462\/27030 (90%)\nAccelerated pkts\/Total pkts   : 3259930016\/3432994569 (94%)\nF2Fed pkts\/Total pkts   : 173064553\/3432994569 (5%)\nPXL pkts\/Total pkts   : 0\/3432994569 (0%)\n<\/pre>\n\n\n\n

Lan\u00e7ons-nous dans une capture de paquets. D\u00e9sactivons tout d’abord SecureXL afin d’\u00eatre en mesure de capturer tout le trafic :<\/p>\n\n\n\n
[Expert@node1]# fwaccel off\n<\/pre>\n\n\n\n

Un petit rappel sur les diff\u00e9rents points de contr\u00f4le lors de l’acheminement des paquets : \"traffic_flows_through_a_check_point_security_gateway.png\"
Et voici un exemple de capture :<\/p>\n\n\n\n
[Expert@node1]# fw monitor -m iO -e 'accept host(192.168.2.2) or host(192.168.3.5) ;' -o output.cap<\/pre>\n","protected":false},"excerpt":{"rendered":"
Je souhaite v\u00e9rifier l’\u00e9tat des n\u0153uds au sein de mon clusterXL : [Expert@node1]# cphaprob state Cluster Mode: New High Availability (Primary Up) with IGMP Membership Number Unique Address Assigned Load …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[14],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-computing","tag-checkpoint"],"_links":{"self":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=26"}],"version-history":[{"count":1,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":27,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/26\/revisions\/27"}],"wp:attachment":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}