CDC Check Point Diagnostic Console

CDC is set of scripts that allows to show CKP parameters, do some simple configuration and do debugs.

CDC is set of scripts that allows to show CKP parameters, do some simple configuration and do debugs. It gives one standard interface, ability to diagnose problem fast without reading SK.

Scirpts are organized in following way:




show - show CKP parameters
config - change something
debug - start/stop, show debug, test something, show logs


MGMT - scripts for Management
Gateway - scripts for Gateway


Threat Prevention
and other stuff


enable - start debug
show - show debug
other - no rules here. Just to kepp is simple

======================== GENERAL ==============================

(go to directory)

cd cdc

(run command)


Hint: Use tab to finish command or to show commands available.

======================== SHOW COMMANDS ==============================

To see all commands available run: ls

To search for specific command: ls | grep module.

For example:

[Expert@te:0]# ls | grep securexl

You can alse use search here:

======================== SHOW ==============================

All commands start with "show"

[Expert@te:0]# ./show_mgmt_manager_status
Check Point Security Management Server is running and ready

======================== DEBUG ==============================

All commands start with "debug"

To start debug:

Most debugs require 3 commands: enable, show, disable_debug.

For example:


This will start debug of ssl inspect module. All kernel variable will be set for you. After that, what to do next message will be presented:


debug_gateway_ssl_inspect_show | grep options

debug_gateway_debug_disable to turn off debug!

| grep CN - to check certificate CN processed by SSL Inspect
| grep domain - to check search for specific domain
Check log number. Use grep -A 10 -B 10


To see debug in this example:


CTRL + C to break.

To disable debug


======================== CONFIG ==============================

All commands start with "config"

[Expert@te:0]# ./config_gateway_identity_users_excluded_clear
Warning this will CLEAR excluded users list!!!
Do you wan't to continue? (Hit any key to continue. CTRL+C to exit)

The suspected service accounts list has been cleared.

There should be a message, what this command will do. You need to press Enter to continue.

====================== HOW TO INSTALL ===================================

In expert mode.

Go to directory where do you want to install. Run:

curl_cli -O
tar xvfz cdc.tar.gz
cd cdc
chmod 755 *
mkdir /var/log/cdc

You can hind change log here:

Have fun