Checkpoint Processes and Daemons
9
Click here to load reader
-
Upload
jmcsep52178 -
Category
Documents
-
view
385 -
download
6
Transcript of Checkpoint Processes and Daemons
Home Products & Services Buy Support About Us
Print Email
Check Point Processes and Daemons
Solution ID: sk97638Product: AllVersion: R77, R77.10OS: GaiaPlatform / Model: AllDate C reated: 17-Dec-2013Last Modified: 15-Jun-2014
Rate this document
[1=Worst,5=Best]
SOLUTION
Table of Contents:
Gaia Processes and DaemonsInfrastructure ProcessesSecurity Gateway Software BladesSecurity Management Software BladesAdditional ProcessesRelated solutions
Gaia Processes and Daemons
All Gaia processes and daemons run by default, other than snmpd and dhcpd.
Daemon Childdaemon Description To Start To Stop
pm Gaia OS Process Manager. Controls otherprocesses and daemons.
confd Database and configuration.From Expert shell:tellpmprocess:confd t
From Expert shell:tellpmprocess:confd
searchd Search indexing daemon.From Expert shell:tellpmprocess:searchd t
From Expert shell:tellpmprocess:searchd
clishd Gaia Clish CLI interface process - generalinformation for all Clish sessions.
From Expert shell:tellpmprocess:clishd t
From Expert shell:tellpmprocess:clishd
clish Gaia Clish CLI interface process - Clishprocess per session.
From Expert shell:tellpmprocess:clish t
From Expert shell:tellpmprocess:clish
routed Routing daemon.From Expert shell:tellpmprocess:routed t
From Expert shell:tellpmprocess:routed
httpd2 Web server daemon (Gaia Portal).From Expert shell:tellpmprocess:httpd2 t
From Expert shell:tellpmprocess:httpd2
monitord Hardware monitoring daemon.From Expert shell:tellpmprocess:monitord t
From Expert shell:tellpmprocess:monitord
rconfd Provisioning daemon.From Expert shell:tellpmprocess:rconfd t
From Expert shell:tellpmprocess:rconfd
cloningd Cloning Groups daemon.From Expert shell:tellpmprocess:cloningd t
From Expert shell:tellpmprocess:cloningd
dhcpd DHCP server daemon.
From Clish:set dhcp serverenableoruse Gaia Portal
From Clish:set dhcp serverdisableoruse Gaia Portal
Support Center > Search Results > SecureKnowledge Details
Guest AccessSign In
Live ChatStart Chat Now
Service RequestsCreate Service RequestMy Service Requests
Contact Us
STAY UP TO DATE
Get weekly email notifications onsupport related updates.
SUGGESTEDSOLUTIONS
People that viewed this solutionalso viewed:1. SSL Network Extender - JavaAvailability
2. First Time ConfigurationWizard on Check Pointappliances
3. CPUSE packages for offlineinstallation
Search
Global Sites My Account
converted by Web2PDFConvert.com
snmpd SNMP (Linux) daemon.
From Clish:set snmp agent onoruse Gaia Portal
From Clish:set snmp agentofforuse Gaia Portal
sshd SSH daemon. From Expert shell:service sshd start
From Expert shell:service sshd stop
syslogd Syslog (Linux) daemon.From Expert shell:service syslogstart
From Expert shell:service syslogstop
DAService CPUSE (former 'Gaia Software Updates')service (sk98926 and sk92449).
From Expert shell,run these 2commands:$DADIR/bin/dastartanddbgetinstaller:start
From Expert shell,run these 2commands:$DADIR/bin/dastopanddbgetinstaller:stop
Other Gaia daemons can be stopped in Expert mode, but we do not recommend doing so.
Infrastructure Processes
Daemon Description To Start To Stop
cpwd
WatchDog is a process that launches andmonitors critical processes such as CheckPoint daemons on the local machine, andattempts to restart them if they fail.Among the processes monitored byWatchdog are cpd, fwd and fwm.Watchdog is controlled by thecpwd_admin utility. To learn how to startand stop various daemons, runcpwd_admin command.
From Expert shell:cpstartorcpwd_adminstart_monitor
From Expert shell:cpstoporcpwd_admin stop_monitor
cpd
Port 18191 - Generic process (add-ons container) for many CheckPoint services, such as installingand fetching policy, and onlineupdatesPort 18211 - SIC push certificate(from Internal CA)
Note: 'cpwd_admin list' commandshows the process as "CPD".
MGMT / Gateway mode -from Expert shell:cpstart orcpwd_admin start -nameCPD -path"$CPDIR/bin/cpd" -command "cpd"
VSX mode - from Expertshell:[Expert@HostName:0]#cpstart or[Expert@HostName:0]#vsenv VSID[Expert@HostName:VSID]#cpwd_admin start -nameCPD -ctx VSID -path"$CPDIR/bin/cpd" -command "cpd" -envinherit
MGMT / Gateway mode -from Expert shell:cpstop orcpwd_admin stop -nameCPD -path"$CPDIR/bin/cpd_admin"-command "cpd_adminstop"
VSX mode - from Expertshell:[Expert@HostName:0]#cpstop or[Expert@HostName:0]#vsenv VSID[Expert@HostName:VSID]#cpwd_admin stop -nameCPD -ctx VSID -path"$CPDIR/bin/cpd_admin"-command "cpd_adminstop" -env inherit
sms
Manages communication (statuscollection, logs collection, policy update,configuration update) with UTM-1 EdgeSecurity Gateways. This process runsonly on Security Management Server /Multi-Domain Security ManagementServers that manage UTM-1 Edgedevices.Note: 'cpwd_admin list' commandshows the process as "VPN-1 EmbeddedConnector".
From Expert shell:smsstart
From Expert shell:smsstop
Security Gateway Software Blades
Daemon Description To Start To Stop
Firewall Blade
converted by Web2PDFConvert.com
fwd
Logging.Spawning childprocesses (e.g.,vpnd)
Note: 'cpwd_admin list'command shows theprocess as "FWD".
Gateway mode - from Expertshell:cpstart orcpwd_admin start -name FWD-path "$FWDIR/bin/fwd" -command "fwd"
VSX mode - from Expert shell:[Expert@HostName:0]#cpstart or[Expert@HostName:0]# vsenvVSID[Expert@HostName:VSID]#cpwd_admin start -name FWD-ctx VSID -path"$FWDIR/bin/fwd" -command"fwd" -env inherit
Gateway mode - fromExpert shell:cpstop orcpwd_admin stop -nameFWD -path"$FWDIR/bin/fw" -command "fw kill fwd"
VSX mode - from Expertshell:[Expert@HostName:0]#cpstop or[Expert@HostName:0]#vsenv VSID[Expert@HostName:VSID]#cpwd_admin stop -nameFWD -ctx VSID -path"$FWDIR/bin/fw" -command "fw kill fwd" -env inherit
IPSec VPN Blade
vpnd
IKE (UDP/TCP)SSL Network ExtenderRemote Access ClientconfigurationVisitor ModeNAT-TTunnel testTopology Update forSecureClientRDPL2TP
From Expert shell:cpstart
From Expert shell:cpstop
Mobile Access Blade
cvpnd
Back-end daemon of theMobile Access SoftwareBlade.Note: 'cpwd_admin list'command shows theprocess as "CVPND".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
dbwriter
Offload database commandsfrom cvpnd (to preventlocks) and syncronize withother members.Note: 'cpwd_admin list'command shows theprocess as "DBWRITER".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
cvpnproc
Offload blocking commandsfrom cvpnd (to preventlocks). Example: sendingDynamicID.Note: 'cpwd_admin list'command shows theprocess as "CVPNPROC".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
MoveFileServer
Move files between clustermembers in order to performdatabase synchronization.Note: 'cpwd_admin list'command shows theprocess as"MOVEFILESERVER".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
PingerOffload long-lastingrequests from httpd.Note: 'cpwd_admin list'command shows theprocess as "PINGER".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
CvpnUMDReport SNMP connectedusers to AMON.Note: 'cpwd_admin list'command shows theprocess as "CVPNUMD".
From Expert shell:cvpnstart
From Expert shell:cvpnstop
converted by Web2PDFConvert.com
httpdFront-end daemon of theMobile Access SoftwareBlade (multi-processes).
From Expert shell:cvpnstart
From Expert shell:cvpnstop
Identity Awareness Blade
pepd
Policy Enforcement Pointdaemon
Receiving identitiesvia identity sharingRedirecting users toCaptive Portal
Note: 'cpwd_admin list'command shows theprocess as "PEPD".
From Expert shell:cpstart
From Expert shell:cpstop
pdpd
Policy Decision Pointdaemon
Acquiring identitiesfrom identity sourcesSharing identities withanother gateways
Note: 'cpwd_admin list'command shows theprocess as "PDPD".
From Expert shell:cpstart
From Expert shell:cpstop
DLP Blade
fwdlpDLP core engine thatperforms the scanning /inspection.
From Expert shell:cpstart
From Expert shell:cpstop
cp_file_convertUsed to convert various fileformats to simple textualformat for scanning by theDLP engine.
From Expert shell:cpstart
From Expert shell:cpstop
dlp_fingerprintUsed to identify the dataaccording to a uniquesignature known as afingerprint stored in yourrepository.
From Expert shell:cpstart
From Expert shell:cpstop
cserver
Check Server that eitherstops or processes the e-mail.Note: 'cpwd_admin list'command shows theprocess as "DLP_WS".
From Expert shell:cpstart
From Expert shell:cpstop
dlpuReceives data from CheckPoint kernel.Note: 'cpwd_admin list'command shows theprocess as "DLPU_N".
From Expert shell:cpstart
From Expert shell:cpstop
fwucd
UserCheck back-enddaemon that sends approval/ disapproval requests touser.Note: 'cpwd_admin list'command shows theprocess as "FWUCD".
From Expert shell:cpstart
From Expert shell:cpstop
Threat Emulation Blade
tedThreat Emulation daemonengine - responsible foremulating files andcommunication with thecloud.
From Expert shell:cpstart
From Expert shell:cpstop
dlpuDLP process - receives datafrom Check Point kernel.Note: 'cpwd_admin list'command shows theprocess as "DLPU_N".
From Expert shell:cpstart
From Expert shell:cpstop
URL Filtering Blade
converted by Web2PDFConvert.com
rad
Resource Advisor -responsible for thedetection of Social Networkwidgets. The detection isdone via an online serviceavailable at Check Serverswhich identifies specificURLs as applications.Note: 'cpwd_admin list'command shows theprocess as "RAD".
cpstartorrad_admin start
cpstoporrad_admin stop
Anti-Bot Blade
acapd Packet capturing daemonfor SmartView Tracker logs.
cpstart cpstop
rad
Resource Advisor -responsible for thedetection of Social Networkwidgets. The detection isdone via an online serviceavailable at Check Serverswhich identifies specificURLs as applications.Note: 'cpwd_admin list'command shows theprocess as "RAD".
cpstartorrad_admin start
cpstoporrad_admin stop
Anti-Virus Blade
acapd Packet capturing daemonfor SmartView Tracker logs.
From Expert shell:cpstart
From Expert shell:cpstop
dlpuDLP process - receives datafrom Check Point kernel.Note: 'cpwd_admin list'command shows theprocess as "DLPU_N".
From Expert shell:cpstart
From Expert shell:cpstop
rad
Resource Advisor -responsible for thedetection of Social Networkwidgets. The detection isdone via an online serviceavailable at Check Serverswhich identifies specificURLs as applications.Note: 'cpwd_admin list'command shows theprocess as "RAD".
From Expert shell:cpstartorrad_admin start
From Expert shell:cpstoporrad_admin stop
Anti-Spam Blade
in.emaild.smtpSMTP Security Server thatreceives e-mails sent byuser.
From Expert shell:cpstart
From Expert shell:cpstop
msdMail Security Daemon thatqueries the Commtouchengine for reputation.
From Expert shell:cpstart
From Expert shell:cpstop
ctasd Commtouch Anti-Spamdaemon.
From Expert shell:cpstart
From Expert shell:cpstop
ctipd Commtouch IP Reputationdaemon.
From Expert shell:cpstart
From Expert shell:cpstop
Monitoring Blade
rtmdReal Time traffic statistics.Note: 'cpwd_admin list'command shows theprocess as "RTMD".
From Expert shell:rtmstart
From Expert shell:rtmstop
cpstat_monitorProcess is responsible forSmartView Monitor.Note: 'cpwd_admin list'command shows theprocess as "CPSM".
From Expert shell:cpwd_admin start -name CPSM-path"$FWDIR/bin/cpstat_monitor"-command "cpstat_monitor"
From Expert shell:cpwd_admin stop -nameCPSM
HTTPS Inspection
wstlsdHandles SSL handshake forHTTPS Inspectedconnections.
From Expert shell:cpstart
From Expert shell:cpstop
Security Management Software Blades
converted by Web2PDFConvert.com
Daemon Description To Start To Stop
Network Policy Management Blade
fwm
Communication betweenSmartConsole applicationsand Security ManagementServer.Note: 'cpwd_admin list'command shows theprocess as "FWM".
From Expert shell:cpwd_admin start -name FWM -path"$FWDIR/bin/fwm" -command "fwm"
From Expert shell:cpwd_admin stop -name FWM -path"$FWDIR/bin/fw" -command "fw killfwm"
Endpoint Policy Management Blade
epm Endpoint ManagementServer.
From Expert shell:uepm_start
From Expert shell:uepm_stop
httpd Communication withEndpoint Clients.
From Expert shell:uepm_start
From Expert shell:uepm_stop
Monitoring Blade
rtmdReal Time traffic statistics.Note: 'cpwd_admin list'command shows theprocess as "RTMD".
From Expert shell:rtmstart
From Expert shell:rtmstop
cpstat_monitorProcess is responsible forSmartView Monitor.Note: 'cpwd_admin list'command shows theprocess as "CPSM".
From Expert shell:cpwd_admin start -name CPSM -path"$FWDIR/bin/cpstat_monitor" -command "cpstat_monitor"
From Expert shell:cpwd_admin stop -name CPSM
SmartProvisioning Blade
status_proxy
Status collection of ROBOGateways -SmartLSM/SmartProvisioningstatus proxy. This processruns only on SecurityManagement Server /Domain ManagementServers that are activatedfor Large ScaleManagement.Note: 'cpwd_admin list'command shows theprocess as "SPTR".
From Expert shell:cpstartorcpwd_admin start -name STPR -path"$FWDIR/bin/status_proxy" -command"status_proxy"
From Expert shell:cpstoporcpwd_admin stop -name STPR
SmartReporter Blade
SVRServer
Controller for theSmartReporter product.Traffic is sent via SSL.Note: 'cpwd_admin list'command shows theprocess as "SVR".
From Expert shell:rmdstartorcpwd_admin start -name SVR -path"$RTDIR/bin/SVRServer" -command"SVRServer"
From Expert shell:rmdstoporcpwd_admin stop -name SVR -path$RTDIR/bin/SVRServer-command "SVRServerkill SVRServer"
log_consolidator
Log Consolidator for theSmartReporter product.Note: 'cpwd_admin list'command shows theprocess as "LC_<IPAddress of Log Server>".
From Expert shell:rmdstartorevstartorlog_consolidator -C -m start -s<IP Address of Log Server> [-g<Domain Name>]
From Expert shell:rmdstoporevstopor these 2 commandslog_consolidator -C-m stop -s <IPAddress of LogServer> [-g <DomainName>]andlog_consolidator -C-m exit -s <IPAddress of LogServer> [-g <DomainName>]
converted by Web2PDFConvert.com
dbsync
DBsync enablesSmartReporter tosynchronize data stored indifferent parts of thenetwork. After SIC isestablished, DBsyncconnects to themanagement server toretrieve all the objects.After the initialsynchronization, it getsupdates whenever anobject is saved. Indistributed informationsystems DBsync providesone-way synchronization ofdata between the SecurityManagement Servers objectdatabase and theSmartReporter computer,and supports configurationand administration ofdistributed systems.Note: 'cpwd_admin list'command shows theprocess as "DBSYNC".
From Expert shell:rmdstartorevstartorcpwd_admin start -name DBSYNC -path "$RTDIR/bin/dbsync" -command"dbsync"
From Expert shell:rmdstoporevstoporcpwd_admin stop -name DBSYNC
postgres PostgreSQL server. From Expert shell:cpstart
From Expert shell:cpstop
SmartEvent Blade
cpseadResponsible for CorrelationUnit functionality.Note: 'cpwd_admin list'command shows theprocess as "CPSEAD".
From Expert shell:evstartorcpwd_admin start -name CPSEAD -path "$RTDIR/bin/cpsead" -command"cpsead"
From Expert shell:evstoporcpwd_admin stop -name CPSEAD
cpsemdResponsible for logging intothe SmartEvent GUI.Note: 'cpwd_admin list'command shows theprocess as "CPSEMD".
From Expert shell:evstartorcpwd_admin start -name CPSEMD -path "$RTDIR/bin/cpsemd" -command"cpsemd"
From Expert shell:evstoporcpwd_admin stop -name CPSEMD
dbsync
DBsync enables SmartEventto synchronize data storedin different parts of thenetwork. In distributedinformation systems DBsyncprovides one-waysynchronization of databetween the SecurityManagement Servers objectdatabase and theSmartEvent computer, andsupports configuration andadministration of distributedsystems. DBsync initiallyconnects to theManagement Server, withwhich SIC is established. Itretrieves all the objects andafter the initialsynchronization it getsupdates whenever anobject is saved.Note: 'cpwd_admin list'command shows theprocess as "DBSYNC".
From Expert shell:evstartorcpwd_admin start -name DBSYNC -path "$RTDIR/bin/dbsync" -command"dbsync"
From Expert shell:evstoporcpwd_admin stop -name DBSYNC
postgres PostgreSQL server. From Expert shell:cpstart
From Expert shell:cpstop
SmartLog
smartlog_serverSmartLog product.Note: 'cpwd_admin list'command shows theprocess as"SMARTLOG_SERVER".
From Expert shell:smartlogstart
From Expert shell:smartlogstop
Internal CA
converted by Web2PDFConvert.com
cpca
Check Point InternalCertificate Authority:
SIC certificate pullingCertificate enrollmentCRL fetchAdmin WebUI
From Expert shell:cpstart
From Expert shell:cpstop
Management Portal
cpwmdManagement Portal(SmartPortal) daemon.Note: 'cpwd_admin list'command shows theprocess as "CPWMD".
From Expert shell:cpwd_admin start -name CPWMD -path"$WEBDIR/bin/cpwmd" -command"cpwmd -D -app SmartPortal"
From Expert shell:cpwd_admin stop -name CPWMD
cp_http_server
HTTP Server forManagement Portal(SmartPortal) and for OSWebUI.Note: 'cpwd_admin list'command shows theprocess as "CPHTTPD".
From Expert shell:cpwd_admin start -name CPHTTPD -path "$WEBDIR/bin/cp_http_server"-command "cp_http_server -f'$MPDIR/conf/cp_httpd_admin.conf'"
From Expert shell:cpwd_admin stop -name CPHTTPD
Additional Processes
Daemon Description To Start To Stop
cplmd
On Management Server.In order to get the data thatshould be presented inSmartView Tracker, FWMspawns a child process CPLMD,which reads the information fromthe log file and performsunification (if necessary). Uponreceiving an answer from CPLMD,FWM transfers it to SmartViewTracker.
From Expert shell:cpstart
From Expertshell:cpstop
mpdaemon
On Security Gateway andManagement Server.Platform Portal / Multi Portal(https://IP_Address/).Each portal has his own Apacheserver (which can have multipleprocesses).'mpdaemon' process is responsiblefor starting these web servers.Note: 'cpwd_admin list'command shows the process as"MPDAEMON".
From Expert shell:cpwd_admin start -name MPDAEMON -path "$CPDIR/bin/mpdaemon" -command "mpdaemon$CPDIR/log/mpdaemon.elg$CPDIR/conf/mpdaemon.conf"
From Expertshell:cpwd_adminstop -nameMPDAEMONormpclientstopall
avi_del_tmp_files
On Security Gateway andManagement Server.Shell script (from '$FWDIR/bin/')that periodically deletes variousold temporary Anti-Virus files.Note: 'cpwd_admin list'command shows the process as"CI_CLEANUP".
From Expert shell:cpwd_admin start -name CI_CLEANUP-path $FWDIR/bin/avi_del_tmp_files-command "avi_del_tmp_files"
From Expertshell:cpwd_adminstop -nameCI_CLEANUP
ci_http_server
On Security Gateway.HTTP Server for ContentInspection.Note: 'cpwd_admin list'command shows the process as"CIHS".
From Expert shell:cpwd_admin start -name CIHS -path$FWDIR/bin/ci_http_server -command"ci_http_server -j -f$FWDIR/conf/cihs.conf"
From Expertshell:cpwd_adminstop -nameCIHS
cpviewd
On Security Gateway andManagement Server.Check Point View ('cpview')daemon.Note: 'cpwd_admin list'command shows the process as"CPVIEWD".
From Expert shell:cpwd_admin start -name CPVIEWD -path "$FWDIR/bin/cpviewd" -command"cpviewd"
From Expertshell:cpwd_adminstop -nameCPVIEWD
converted by Web2PDFConvert.com
cp_http_server
On Security Gateway andManagement Server.HTTP Server for OS WebUI andManagement Portal(SmartPortal).Note: 'cpwd_admin list'command shows the process as"CPHTTPD".
From Expert shell:cpwd_admin start -name CPHTTPD -path "$WEBDIR/bin/cp_http_server"-command "cp_http_server -f'$MPDIR/conf/cp_httpd_admin.conf'"
From Expertshell:cpwd_adminstop -nameCPHTTPD
cpsnmpd
On Security Gateway andManagement Server.
Listens on UDP port 260and is capable ofresponding to SNMPqueries for Check PointOIDs only (under OID.1.3.6.1.4.1.2620)Accepts only SNMPv1Supplied as a part ofCheck Point Suite($CPDIR/bin/cpsnmpd)
From Expert shell:cpsnmpd -p 260
From Expertshell:killallcpsnmpd
Related solutions
sk52421 (Ports used by Check Point software)
Give us FeedbackRate this document
[1=Worst,5=Best]
Characters left: 2000
Copyright | Contact Us | Site Feedback | Privacy Policy | Site Map©2014 Check Point Software Technologies Ltd. All rights reserved.
Check Point Software Technologies, Inc. is a wholly ownedsubsidiary of Check Point Software Technologies Ltd.
Additional comments...(Max 2000 characters allowed)
converted by Web2PDFConvert.com
