🛡️ Check Point
R81.x · GAiA OS · SmartConsole
Management & Communication
| Port | Proto | Service / Purpose |
|---|---|---|
| 18190 | TCP | SmartConsole → Management Server (GUI login) |
| 18191 | TCP | Policy installation (FWM) |
| 18192 | TCP | Logging (FWA) |
| 18193 | TCP | Scheduling daemon |
| 18194 | TCP | User monitoring |
| 18207 | TCP | Endpoint Policy push |
| 18209 | TCP | Push operations / SIC established |
| 18210 | TCP | Log indexing |
| 18211 | TCP | SIC initial communication / Correlation unit |
| 18221 | TCP | SmartUpdate |
| 18265 | TCP | Provisioning |
| 18266 | TCP | Endpoint compliance |
VPN & Encryption
| Port | Proto | Service / Purpose |
|---|---|---|
| 500 | UDP | IKE Phase 1 (ISAKMP) |
| 4500 | UDP | NAT-T (NAT Traversal) |
| 50 | IP PROTO | ESP — Encapsulating Security Payload |
| 51 | IP PROTO | AH — Authentication Header |
| 264 | TCP | Visitor Mode VPN (encap over TCP) |
| 443 | TCP | SSL VPN / Mobile Access Portal |
| 2746 | UDP | SecuRemote (legacy Remote Access) |
Cluster & HA
| Port | Proto | Service / Purpose |
|---|---|---|
| 8116 | UDP | CCP — ClusterXL Control Protocol (heartbeat & sync) |
| 19009 | TCP/UDP | ClusterXL CCP (also used on some configs) |
Identity Awareness & LDAP
| Port | Proto | Service / Purpose |
|---|---|---|
| 389 | TCP/UDP | LDAP (Active Directory / User queries) |
| 636 | TCP | LDAPS — Secure LDAP (TLS) |
| 3268 | TCP | Global Catalog LDAP |
| 3269 | TCP | Global Catalog LDAPS |
System & Monitoring
| Port | Proto | Service / Purpose |
|---|---|---|
| 22 | TCP | SSH — GAiA admin access |
| 80 | TCP | HTTP — Captive Portal (Identity Awareness) |
| 161/162 | UDP | SNMP — Get (161) / Trap (162) |
| 514 | UDP | Syslog |
Firewall & Policy
```
fw stat                          # Policy name & install status
fw ver                           # Firewall version
fw ctl pstat                     # Kernel stats (connections, memory)
fw ctl zdebug drop               # Real-time dropped packets
fw ctl zdebug + drop             # Verbose drop debug
fw tab -t connections -s         # Connections table summary
fw tab -t connections -f         # Full connections table
fw getifs                        # Show interfaces
fw fetch <mgmt_IP>               # Fetch policy from management
fw unloadlocal                   # Unload local policy (leaves the gateway with no policy enforced)
fw monitor -e "accept;"          # Capture all accepted packets
fw monitor -i eth0 -e "accept;"  # Capture on interface
```
SecureXL Acceleration
```
fwaccel stat       # SecureXL status (on/off)
fwaccel stats      # Acceleration statistics
fwaccel stats -s   # Summary stats
fwaccel off        # Disable SecureXL
fwaccel on         # Enable SecureXL
fwaccel conns      # List accelerated connections
sim affinity -l    # Show CoreXL CPU affinity
```
CoreXL
```
fw ctl multik stat      # CoreXL instances status
fw ctl affinity -l -r   # Show CPU affinity (full)
cpconfig                # Configure CoreXL instances
```
ClusterXL & HA
```
cphaprob stat          # Cluster members state
cphaprob -a if         # Check interface status
cphaprob list          # List monitored processes
cphaprob -f list       # Full list with details
clusterXL_admin down   # Force failover (down this member)
clusterXL_admin up     # Bring member back up
fw hastat              # HA status
cpstop ; cpstart       # Restart all CP services
```
VPN
```
vpn tu               # VPN Tunnel Util (interactive)
vpn debug on         # Enable VPN debug
vpn debug off        # Disable VPN debug
vpn debug trunc      # Truncate VPN debug log
vpn drv stat         # VPN driver status
vpn overlap_encdom   # Check overlapping enc domains
ike_tbl_list         # List active IKE SAs
vpn accel stat       # VPN acceleration status
```
Logging & Debug
```
fw log                            # View FW log
fw log -f                         # Follow live log
cpinfo -y all                     # Full system diagnostic dump
cpinfo -o <file>                  # Output cpinfo to file
fw ctl debug 0                    # Reset all debug flags
fw ctl debug -buf 32768           # Set debug buffer size
fw ctl kdebug -T -f > /tmp/out    # Kernel debug to file (output is redirected)
tcpdump -i eth0 -n                # Standard packet capture
fw ctl zdebug drop                # Shortcut: debug kernel drops
```
Management & SIC
```
cpconfig                  # Main config (SIC reset, licences)
fwm sic_reset             # Reset SIC on management
cpca_client lscert        # List certificates
cpca_client create_cert   # Create new SIC cert
fw lichosts               # List licensed hosts
cplic print               # Show installed licences
cpstat fw                 # FW statistics
cpstat blades             # Software blade stats
cpstat ha                 # HA / cluster stats
```
System & GAiA
```
cpview                         # Real-time performance monitor
top                            # System process monitor
cpwd_admin list                # WatchDog monitored processes
cpwd_admin start -name FWD     # Start process via WatchDog

# GAiA Clish commands (run from clish, not the expert shell)
show version all               # GAiA OS + CP version
show interfaces all            # All interface config
show route                     # Routing table
show arp                       # ARP table
set interface eth0 state on    # Enable interface
save config                    # Save GAiA config
```
Upgrade & Migration
```
migrate export   # Export management database
migrate import   # Import management database
cpuse            # CPUSE upgrade agent (GAiA)
upgrade_export   # Export for upgrade
cppkg print      # List available packages
```
| Process | Name | Role |
|---|---|---|
| FWD | Firewall Daemon | Main FW process — handles logging, SIC communication, and connections |
| FWM | FireWall Management | Handles SmartConsole GUI connections and policy push operations |
| CPD | Check Point Daemon | Core daemon — SIC, licensing, and status reporting to management |
| CPCA | CP Certificate Authority | Manages SIC certificate issuance and PKI operations |
| FGAED | Threat Emulation Daemon | File emulation sandbox (SandBlast / Threat Emulation blade) |
| CPWD | WatchDog | Monitors CP processes and automatically restarts crashed daemons |
| RAD | Remote Access Daemon | Handles VPN Remote Access client operations |
| IKED | IKE Daemon | Manages IKE/IPSec VPN key exchange and tunnel negotiations |
| PDPD | Policy Decision Point | Identity Awareness — makes policy decisions based on user identity |
| PEPD | Policy Enforcement Point | Identity Awareness — enforces identity-based policy on traffic |
| VPND | VPN Daemon | Manages VPN tunnel state and VPN-related operations |
| RTMD | Real Time Monitoring | Collects performance metrics and statistics for SmartView |
| HTTPD | HTTP Daemon | Web portal for Mobile Access blade and Captive Portal |
| CPHAD | HA Daemon | ClusterXL high availability — manages member state and failover |
| FWSSD | Security Server | Legacy proxy and authentication processes (HTTP, FTP, SMTP security servers) |
| CPRID | Remote Installation Daemon | Used for pushing packages and upgrades from SmartUpdate |
| SNMPD | SNMP Daemon | SNMP monitoring — responds to GET requests and sends TRAP alerts |
| SYSLOGD | Syslog Daemon | System logging — forwards logs to external syslog servers |
First Command Per Problem Type
| First command | When to use it |
|---|---|
| cphaprob stat | Cluster issue? Always run this first to check member states (Active/Standby/Down) |
| fwaccel stat | Performance issue? Check SecureXL acceleration status before anything else |
| fw ctl zdebug drop | Dropped packets? Real-time kernel drop debug — shows reason for each drop |
| cpinfo -y all | Opening a TAC case? Run this first — it's always the first thing support will ask for |
| vpn tu | VPN tunnel down? Use the interactive Tunnel Utility to delete and re-establish SAs |
| fw monitor -e "accept;" | Traffic not passing? Use fw monitor to see if packets even hit the firewall |
Port Memory Tricks
| Port | Reminder |
|---|---|
| 18190 | SmartConsole login — "18190, the GUI door" |
| 500 / 4500 | IKE / NAT-T — always in VPN questions. 4500 only when NAT is between peers |
| 8116 UDP | CCP heartbeat — "if 8116 is blocked, the cluster breaks" |
| 18211 | SIC — if 18211 is blocked, the gateway can't talk to management |