There are two primary methods for resetting the admin password. Both methods require a reboot of the device, which means downtime if the device is not part of a cluster.
Method 1: Use emergendisk
This method requires a USB disk and a second device that is running Gaia and has the same chassis model as the device that requires a password reset.
You should receive the following once the reset is complete. On some devices, you may not receive this or an error message. You should wait 1-2 minutes after boot to ensure the script has finished.
Admin password successfully reset
Please remove disk or any other media and press enter to restart
Remove the USB drive and reboot. The username/password should now be admin/admin. If not, you may need to follow Method 2.
Method 2: Use a live CD or live USB disk
This method requires a live CD, such as Ubuntu, to boot from.
On some distros (Ubuntu, for example), the system will automatically mount the Check Point partitions. In Ubuntu, this is mounted to /media/ubuntu/
ls -lh /media/ubuntu/<UUID>/config/db/initial_db
If the partitions are not mounted, you will need to locate the correct partition and mount it someplace. Below is an example:
sudo mount /dev/sda1 /mnt/checkpoint
Once you have located the correct partition, run the following to change the working root to Check Point's root.
Example: sudo chroot /media/ubuntu/2cbbf000-blah
Modify the sqlite database
Locate the current admin password by running the following. The last line is the current password hash.
SELECT * FROM revisions WHERE binding='passwd:admin:passwd';
Run the following to change the password to 'admin'. Replace '<old-pw-hash>' with the last hash from step 5.
UPDATE revisions SET value='$1$zIVyrIdj$1LBW7Pg6XOcXYIgFPTppY.' WHERE binding='passwd:admin:passwd' AND value='<old-pw-hash>';
Reboot the device and log in with admin/admin. Make sure to change the password via clish once logged in.
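A check to run after the reset, as an added example that is not part of the original page: it reads the newest admin revision and reports whether it is still the admin/admin hash written above. The two-column `revisions` schema, the use of rowid order for "the last line", and the sample rows are assumptions made for the example.

```python
import sqlite3

# Hash the page writes during the reset (password 'admin'), copied from the page.
RESET_HASH = "$1$zIVyrIdj$1LBW7Pg6XOcXYIgFPTppY."
BINDING = "passwd:admin:passwd"
# Standard crypt(3) scheme prefixes.
SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}


def audit_admin_hash(conn):
    """Report on the newest admin password revision, or None if there is none.

    Assumption: the highest rowid is the "last line" the page calls current.
    """
    row = conn.execute(
        "SELECT value FROM revisions WHERE binding = ? "
        "ORDER BY rowid DESC LIMIT 1",
        (BINDING,),
    ).fetchone()
    if row is None:
        return None
    value = row[0]
    scheme = next((name for prefix, name in SCHEMES.items()
                   if value.startswith(prefix)), "unknown")
    return {
        "scheme": scheme,
        # True means the admin/admin reset value was never changed via clish.
        "is_reset_default": value == RESET_HASH,
    }


def build_sample_db(admin_hashes):
    """Constructed stand-in for initial_db: only the two columns the page uses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE revisions (binding TEXT, value TEXT)")
    conn.execute("INSERT INTO revisions VALUES ('hostname', 'CPDEVICE')")
    conn.executemany("INSERT INTO revisions VALUES (?, ?)",
                     [(BINDING, h) for h in admin_hashes])
    return conn


if __name__ == "__main__":
    # Constructed sample values; only RESET_HASH comes from the page.
    old = "$1$constructed$oldhashvalueplaceholder000"
    new = "$6$constructed$newhashvalueplaceholder"
    print(audit_admin_hash(build_sample_db([old, RESET_HASH])))
    print(audit_admin_hash(build_sample_db([old, RESET_HASH, new])))
```

To run it against a mounted disk instead of the sample, pass a connection opened read-only on the `config/db/initial_db` file, for example with `sqlite3.connect("file:<path>?mode=ro", uri=True)`.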
The following command will allow you to view CPU statistics, memory usage, hard drive usage, throughput, etc. in real time through the firewall or management server.
This command was added in R77. Older versions do not have this ability.
To start the cpviewd process:
cpwd_admin start -name CPVIEWD -path "$FWDIR/bin/cpviewd" -command "cpviewd"
To stop the cpviewd process:
cpwd_admin stop -name CPVIEWD
clish -s -c "set selfpasswd oldpass <oldpass> newpass <newpass>"
Or, for the interactive menu:
clish set selfpasswd
Run the following:
service iss-spa unregister
Remove the registration and heartbeat files. The heartbeat file may not exist.
rm -f /etc/lmi/spregistered
rm -f /tmp/heartbeat_inprogress.lck
request system snapshot slice alternate
fw ctl pstat
* Aggressive Aging causes idle connections to time out much sooner (for instance, 60 seconds instead of 60 minutes)
* A device may enter Aggressive Aging when running low on memory. The following log may be seen when this happens:
Number: 111111 Date: 1Jan2014 Time: 01:00:00 Origin: CPDEVICE Type: Log Action: Information: Memory consumption: <#>% - <#>MB out of <#>MB Capacity notification: Memory consumption has exceeded 80% Aggressive aging status: Active Connections table capacity: <#>% - <#> out of <#> Attack Information: Connections table's denial of service prevention mechanism Product: IPS Software Blade
clish -c 'show version all' !! View the current OS and Product version
clish -s -c 'set edition default <32|64>-bit' !! Modify the version - 64-bit will only show if the device has enough memory to support it
show system processes summary
show system processes extensive
* Summary will provide a brief overview with the top 3 processes
* Extensive includes all processes
cp_conf client get !! View configured GUI clients
cp_conf client add <ip> !! Add a client to the current GUI clients list
cp_conf client del <ip> <ip> <etc> !! Delete 1+ GUI clients
cp_conf client createlist <ip> <ip> <etc> !! Create a new GUI list (will overwrite the old) and add 1+ GUI clients
cp_conf admin get !! View configured administrators
cp_conf admin add <user> <pass> <a|w|r> !! Add new admin user, a - read/write/manage admins, w - read/write, r - read only
cp_conf admin del <user> <user> !! Delete 1+ admin users
cp_conf sic state !! View current SIC status
cp_conf sic <key> !! Initialize SIC state
cp_conf sic cert_pull <management-server> <object> !! Pull the certificate of a DAIP object
cp_conf finger get !! View the management server fingerprint
cp_conf lic get !! View licenses
cp_conf lic add -f <file> !! Add license from license file
cp_conf lic add -m <host> <date> <license-key> <SKU> !! Add license manually
cp_conf lic del <signature-key> !! Remove a license
cp_conf ha <enable|disable> [norestart] !! Enable/Disable HA. Add 'norestart' to command to keep device from performing a cpstop;cpstart
cp_conf sxl <enable|disable> !! Enable/Disable SecureXL
cp_conf snmp get !! View current status of the SNMP module
cp_conf snmp <enable|disable> !! Enable/Disable SNMP