checkpoint<dot>engineer

A Day in the Life of a Check Point Engineer

Enhancing CLISH with Dynamic CLI

by · January 21, 2019

Check Point released a new tool today called Dynamic CLI to enhance CLISH with new commands. This might eliminate the need to access Expert mode for certain roles you may have in your team. It’s available as a tarball for R80.10 and higher and does not conflict with Jumbo Hotfixes. It can be installed on the following setups:

  • Management Server
  • Multi-Domain Server
  • Gateway / Cluster / VSX
  • Appliance / VM

Dynamic CLI will only add new “show” commands that replaces the equivalent Expert commands. A reboot is advised but you can also restart CLISH to enable Dynamic CLI as stated here on CheckMates by entering the following commands:

# tellpm process:clishd
# tellpm process:clishd t
# tellpm process:clish
# tellpm process:clish t

The tables below show you the new commands that will be available in CLISH when Dynamic CLI is installed. Read more about Dynamic CLI in sk144112.

Security Gateway

CLISH CommandEquivalent “Expert” Command
show security-gateway policy
fw stat
show security-gateway policy summaryfw stat -s 
show security-gateway policy detailsfw stat -l
show security-gateway versionfw ver
show security-gateway memory statisticsfw ctl pstat
show security-gateway arp-tablefw ctl arp -n
show security-gateway arp-table resolvedfw ctl arp 
show security-gateway affinityfw ctl affinity -l -v -a 
show security-gateway affinity cpu-orderedfw ctl affinity -l -r -v -a
show security-gateway affinity statisticsfw ctl multik stat 
show security-gateway monitored-interfacesfw getifs 
show security-gateway monitored-interfaces allfw ctl iflist 
show security-gateway parameter integer VALUEfw ctl get int VALUE
show security-gateway parameter string VALUEfw ctl get str VALUE
show security-gateway log-filesfw lslogs 
show security-gateway tablesfw tab -s 
show security-gateway tables search VALUEfw tab -s | grep -i VALUE 
show security-gateway table VALUEfw tab -t VALUE
show security-gateway table VALUE summaryfw tab -t VALUE -s 
show security-gateway table VALUE formattedfw tab -t VALUE -f
show security-gateway ips statusips stat

Acceleration

CLISH CommandEquivalent “Expert” Command
show securexl status
fwaccel stat
show securexl statistics
fwaccel stats
show securexl connections
fwaccel conns 
show securexl version
fwaccel ver
show multi-queue affinity
cpmq get -a
show multi-queue driver-type VALUE cpmq get rx_num VALUE

System

CLISH CommandEquivalent “Expert” Command
show system services run-level
chkconfig –list
show system service VALUE run-level
chkconfig –list VALUE
show system init-services
service –status-all
show system init-service VALUE
service VALUE status
show system disk usage
df -h
show system disk hw-raid status
raidconfig status
show system disk sw-raid statusraid_diagnostic 
show system dmi-tabledmidecode | more
show system dmi-table search VALUEdmidecode | grep -i VALUE | more 
show installer cpinfo cpinfo -y all 
show file VALUE more VALUE 
show file VALUE search VALUEcat VALUE | grep -i VALUE | more
show users-access-loglast -a 

Monitoring

CLISH CommandEquivalent “Expert” Command
show syslog logs
cat /var/log/messages | more
show syslog logs search VALUE
cat /var/log/messages | grep -i VALUE | more
show syslog logs monitor
tail -f /var/log/messages
show syslog dmesg
dmesg | more
show syslog dmesg search VALUE
dmesg | grep -i VALUE | more

Interfaces

CLISH CommandEquivalent “Expert” Command
show interface VALUE features
ethtool -k VALUE
show interface VALUE driver-information
ethtool -i VALUE
show interface VALUE coalesceethtool -c VALUE
show interface VALUE pause-parameter
ethtool -a VALUE
show interface VALUE stats
ethtool -S VALUE

Licensing

CLISH CommandEquivalent “Expert” Command
show license status
cplic print -x
show license feature VALUE
cplic check VALUE

Tags:

You may also like...