Checkpoint Processes and Daemons

Home Products & Services Buy Support About Us
Print Email
Check Point Processes and Daemons
Solution ID: sk97638
Product: All
Version: R77, R77.10
OS: Gaia
Platform / Model: All
Date Created: 17-Dec-2013
Last Modified: 15-Jun-2014
Rate this document
[1=Worst,5=Best]
SOLUTION
Table of Contents:
Gaia Processes and Daemons
Infrastructure Processes
Security Gateway Software Blades
Security Management Software Blades
Additional Processes
Related solutions

Gaia Processes and Daemons
All Gaia processes and daemons run by default, other than snmpd and dhcpd.
Daemon
Child
daemon
Description To Start To Stop
pm
Gaia OS Process Manager. Controls other
processes and daemons.

confd Database and configuration.
From Expert shell:
tellpm
process:confd t
From Expert shell:
tellpm
process:confd
searchd Search indexing daemon.
From Expert shell:
tellpm
process:searchd t
From Expert shell:
tellpm
process:searchd
clishd
Gaia Clish CLI interface process - general
information for all Clish sessions.
From Expert shell:
tellpm
process:clishd t
From Expert shell:
tellpm
process:clishd
clish
Gaia Clish CLI interface process - Clish
process per session.
From Expert shell:
tellpm
process:clish t
From Expert shell:
tellpm
process:clish
routed Routing daemon.
From Expert shell:
tellpm
process:routed t
From Expert shell:
tellpm
process:routed
httpd2 Web server daemon (Gaia Portal).
From Expert shell:
tellpm
process:httpd2 t
From Expert shell:
tellpm
process:httpd2
monitord Hardware monitoring daemon.
From Expert shell:
tellpm
process:monitord t
From Expert shell:
tellpm
process:monitord
rconfd Provisioning daemon.
From Expert shell:
tellpm
process:rconfd t
From Expert shell:
tellpm
process:rconfd
cloningd Cloning Groups daemon.
From Expert shell:
tellpm
process:cloningd t
From Expert shell:
tellpm
process:cloningd
dhcpd DHCP server daemon.
From Clish:
set dhcp server
enable
or
use Gaia Portal
From Clish:
set dhcp server
disable
or
use Gaia Portal
Support Center > Search Results > SecureKnowledge Details
Guest Access
Sign In
Live Chat
Start Chat Now
Service Requests
Create Service Request
My Service Requests
Contact Us
STAY UP TO DATE
Get weekly email notifications on
support related updates.
SUGGESTED
SOLUTIONS
People that viewed this solution
also viewed:
1. SSL Network Extender - Java
Availability
2. First Time Configuration
Wizard on Check Point
appliances
3. CPUSE packages for offline
installation
Search
Global Sites My Account
converted by Web2PDFConvert.com
snmpd SNMP (Linux) daemon.
From Clish:
set snmp agent on
or
use Gaia Portal
From Clish:
set snmp agent
off
or
use Gaia Portal
sshd SSH daemon.
From Expert shell:
service sshd start
From Expert shell:
service sshd stop
syslogd Syslog (Linux) daemon.
From Expert shell:
service syslog
start
From Expert shell:
service syslog
stop
DAService
CPUSE (former 'Gaia Software Updates')
service (sk98926 and sk92449).
From Expert shell,
run these 2
commands:
$DADIR/bin/dastart
and
dbget
installer:start
From Expert shell,
run these 2
commands:
$DADIR/bin/dastop
and
dbget
installer:stop
Other Gaia daemons can be stopped in Expert mode, but we do not recommend doing so.

Infrastructure Processes
Daemon Description To Start To Stop
cpwd
WatchDog is a process that launches and
monitors critical processes such as Check
Point daemons on the local machine, and
attempts to restart them if they fail.
Among the processes monitored by
Watchdog are cpd, fwd and fwm.
Watchdog is controlled by the
cpwd_admin utility. To learn how to start
and stop various daemons, run
cpwd_admin command.
From Expert shell:
cpstart
or
cpwd_admin
start_monitor
From Expert shell:
cpstop
or
cpwd_admin stop_monitor
cpd
Port 18191 - Generic process (add-
ons container) for many Check
Point services, such as installing
and fetching policy, and online
updates
Port 18211 - SIC push certificate
(from Internal CA)
Note: 'cpwd_admin list' command
shows the process as "CPD".
MGMT / Gateway mode -
from Expert shell:
cpstart
or
cpwd_admin start -name
CPD -path
"$CPDIR/bin/cpd" -
command "cpd"

VSX mode - from Expert
shell:
[Expert@HostName:0]#
cpstart
or
vsenv VSID
[Expert@HostName:VSID]#
cpwd_admin start -name
CPD -ctx VSID -path
"$CPDIR/bin/cpd" -
command "cpd" -env
inherit
MGMT / Gateway mode -
from Expert shell:
cpstop
or
cpwd_admin stop -name
CPD -path
"$CPDIR/bin/cpd_admin"
-command "cpd_admin
stop"

shell:
cpstop
or
vsenv VSID
CPD -ctx VSID -path
"$CPDIR/bin/cpd_admin"
-command "cpd_admin
stop" -env inherit
sms
Manages communication (status
collection, logs collection, policy update,
configuration update) with UTM-1 Edge
Security Gateways. This process runs
only on Security Management Server /
Multi-Domain Security Management
Servers that manage UTM-1 Edge
devices.
Note: 'cpwd_admin list' command
shows the process as "VPN-1 Embedded
Connector".
From Expert shell:
smsstart
From Expert shell:
smsstop

Security Gateway Software Blades
Firewall Blade
fwd
Logging.
Spawning child
processes (e.g.,
vpnd)
Note: 'cpwd_admin list'
command shows the
process as "FWD".
Gateway mode - from Expert
shell:
cpstart
or
cpwd_admin start -name FWD
-path "$FWDIR/bin/fwd" -
command "fwd"

VSX mode - from Expert shell:
cpstart
or
[Expert@HostName:0]# vsenv
VSID
cpwd_admin start -name FWD
-ctx VSID -path
"$FWDIR/bin/fwd" -command
"fwd" -env inherit
Gateway mode - from
Expert shell:
cpstop
or
FWD -path
"$FWDIR/bin/fw" -
command "fw kill fwd"

shell:
cpstop
or
vsenv VSID
FWD -ctx VSID -path
"$FWDIR/bin/fw" -
command "fw kill fwd" -
env inherit
IPSec VPN Blade
vpnd
IKE (UDP/TCP)
SSL Network Extender
Remote Access Client
configuration
Visitor Mode
NAT-T
Tunnel test
Topology Update for
SecureClient
RDP
L2TP
From Expert shell:
cpstart
From Expert shell:
cpstop
Mobile Access Blade
cvpnd
Back-end daemon of the
Mobile Access Software
Blade.
command shows the
process as "CVPND".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
dbwriter
Offload database commands
from cvpnd (to prevent
locks) and syncronize with
other members.
command shows the
process as "DBWRITER".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
cvpnproc
Offload blocking commands
from cvpnd (to prevent
locks). Example: sending
DynamicID.
command shows the
process as "CVPNPROC".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
MoveFileServer
Move files between cluster
members in order to perform
database synchronization.
command shows the
process as
"MOVEFILESERVER".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
Pinger
Offload long-lasting
requests from httpd.
command shows the
process as "PINGER".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
CvpnUMD
Report SNMP connected
users to AMON.
command shows the
process as "CVPNUMD".
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
httpd
Front-end daemon of the
Mobile Access Software
Blade (multi-processes).
From Expert shell:
cvpnstart
From Expert shell:
cvpnstop
Identity Awareness Blade
pepd
Policy Enforcement Point
daemon
Receiving identities
via identity sharing
Redirecting users to
Captive Portal
command shows the
process as "PEPD".
From Expert shell:
cpstart
From Expert shell:
cpstop
pdpd
Policy Decision Point
daemon
Acquiring identities
from identity sources
Sharing identities with
another gateways
command shows the
process as "PDPD".
From Expert shell:
cpstart
From Expert shell:
cpstop
DLP Blade
fwdlp
DLP core engine that
performs the scanning /
inspection.
From Expert shell:
cpstart
From Expert shell:
cpstop
cp_file_convert
Used to convert various file
formats to simple textual
format for scanning by the
DLP engine.
From Expert shell:
cpstart
From Expert shell:
cpstop
dlp_fingerprint
Used to identify the data
according to a unique
signature known as a
fingerprint stored in your
repository.
From Expert shell:
cpstart
From Expert shell:
cpstop
cserver
Check Server that either
stops or processes the e-
mail.
command shows the
process as "DLP_WS".
From Expert shell:
cpstart
From Expert shell:
cpstop
dlpu
Receives data from Check
Point kernel.
command shows the
process as "DLPU_N".
From Expert shell:
cpstart
From Expert shell:
cpstop
fwucd
UserCheck back-end
daemon that sends approval
/ disapproval requests to
user.
command shows the
process as "FWUCD".
From Expert shell:
cpstart
From Expert shell:
cpstop
Threat Emulation Blade
ted
Threat Emulation daemon
engine - responsible for
emulating files and
communication with the
cloud.
From Expert shell:
cpstart
From Expert shell:
cpstop
dlpu
DLP process - receives data
from Check Point kernel.
command shows the
From Expert shell:
cpstart
From Expert shell:
cpstop
URL Filtering Blade
rad
Resource Advisor -
responsible for the
detection of Social Network
widgets. The detection is
done via an online service
available at Check Servers
which identifies specific
URLs as applications.
command shows the
process as "RAD".
cpstart
or
rad_admin start
cpstop
or
rad_admin stop
Anti-Bot Blade
acapd
Packet capturing daemon
for SmartView Tracker logs.
cpstart cpstop
rad
Resource Advisor -
responsible for the
command shows the
process as "RAD".
cpstart
or
rad_admin start
cpstop
or
rad_admin stop
Anti-Virus Blade
acapd
Packet capturing daemon
for SmartView Tracker logs.
From Expert shell:
cpstart
From Expert shell:
cpstop
dlpu
DLP process - receives data
from Check Point kernel.
command shows the
From Expert shell:
cpstart
From Expert shell:
cpstop
rad
Resource Advisor -
responsible for the
command shows the
process as "RAD".
From Expert shell:
cpstart
or
rad_admin start
From Expert shell:
cpstop
or
rad_admin stop
Anti-Spam Blade
in.emaild.smtp
SMTP Security Server that
receives e-mails sent by
user.
From Expert shell:
cpstart
From Expert shell:
cpstop
msd
Mail Security Daemon that
queries the Commtouch
engine for reputation.
From Expert shell:
cpstart
From Expert shell:
cpstop
ctasd
Commtouch Anti-Spam
daemon.
From Expert shell:
cpstart
From Expert shell:
cpstop
ctipd
Commtouch IP Reputation
daemon.
From Expert shell:
cpstart
From Expert shell:
cpstop
Monitoring Blade
rtmd
Real Time traffic statistics.
command shows the
process as "RTMD".
From Expert shell:
rtmstart
From Expert shell:
rtmstop
cpstat_monitor
Process is responsible for
SmartView Monitor.
command shows the
process as "CPSM".
From Expert shell:
cpwd_admin start -name CPSM
-path
"$FWDIR/bin/cpstat_monitor"
-command "cpstat_monitor"
From Expert shell:
CPSM
HTTPS Inspection
wstlsd
Handles SSL handshake for
HTTPS Inspected
connections.
From Expert shell:
cpstart
From Expert shell:
cpstop

Security Management Software Blades
Network Policy Management Blade
fwm
Communication between
SmartConsole applications
and Security Management
Server.
command shows the
process as "FWM".
From Expert shell:
cpwd_admin start -name FWM -path
"$FWDIR/bin/fwm" -command "fwm"
From Expert shell:
cpwd_admin stop -
name FWM -path
"$FWDIR/bin/fw" -
command "fw kill
fwm"
Endpoint Policy Management Blade
epm
Endpoint Management
Server.
From Expert shell:
uepm_start
From Expert shell:
uepm_stop
httpd
Communication with
Endpoint Clients.
From Expert shell:
uepm_start
From Expert shell:
uepm_stop
Monitoring Blade
rtmd
Real Time traffic statistics.
command shows the
process as "RTMD".
From Expert shell:
rtmstart
From Expert shell:
rtmstop
cpstat_monitor
Process is responsible for
SmartView Monitor.
command shows the
process as "CPSM".
From Expert shell:
cpwd_admin start -name CPSM -path
"$FWDIR/bin/cpstat_monitor" -
command "cpstat_monitor"
From Expert shell:
cpwd_admin stop -
name CPSM
SmartProvisioning Blade
status_proxy
Status collection of ROBO
Gateways -
SmartLSM/SmartProvisioning
status proxy. This process
runs only on Security
Management Server /
Domain Management
Servers that are activated
for Large Scale
Management.
command shows the
process as "SPTR".
From Expert shell:
cpstart
or
cpwd_admin start -name STPR -path
"$FWDIR/bin/status_proxy" -command
"status_proxy"
From Expert shell:
cpstop
or
cpwd_admin stop -
name STPR
SmartReporter Blade
SVRServer
Controller for the
SmartReporter product.
Traffic is sent via SSL.
command shows the
process as "SVR".
From Expert shell:
rmdstart
or
cpwd_admin start -name SVR -path
"$RTDIR/bin/SVRServer" -command
"SVRServer"
From Expert shell:
rmdstop
or
cpwd_admin stop -
name SVR -path
$RTDIR/bin/SVRServer
-command "SVRServer
kill SVRServer"
log_consolidator
Log Consolidator for the
SmartReporter product.
command shows the
process as "LC_<IP
Address of Log Server>".
From Expert shell:
rmdstart
or
evstart
or
log_consolidator -C -m start -s
<IP Address of Log Server> [-g
<Domain Name>]
From Expert shell:
rmdstop
or
evstop
or these 2 commands
log_consolidator -C
-m stop -s <IP
Address of Log
Server> [-g <Domain
Name>]
and
log_consolidator -C
-m exit -s <IP
Address of Log
Server> [-g <Domain
Name>]
dbsync
DBsync enables
SmartReporter to
synchronize data stored in
different parts of the
network. After SIC is
established, DBsync
connects to the
management server to
retrieve all the objects.
After the initial
synchronization, it gets
updates whenever an
object is saved. In
distributed information
systems DBsync provides
one-way synchronization of
data between the Security
Management Servers object
database and the
SmartReporter computer,
and supports configuration
and administration of
distributed systems.
command shows the
process as "DBSYNC".
From Expert shell:
rmdstart
or
evstart
or
cpwd_admin start -name DBSYNC -
path "$RTDIR/bin/dbsync" -command
"dbsync"
From Expert shell:
rmdstop
or
evstop
or
cpwd_admin stop -
name DBSYNC
postgres PostgreSQL server.
From Expert shell:
cpstart
From Expert shell:
cpstop
SmartEvent Blade
cpsead
Responsible for Correlation
Unit functionality.
command shows the
process as "CPSEAD".
From Expert shell:
evstart
or
cpwd_admin start -name CPSEAD -
path "$RTDIR/bin/cpsead" -command
"cpsead"
From Expert shell:
evstop
or
cpwd_admin stop -
name CPSEAD
cpsemd
Responsible for logging into
the SmartEvent GUI.
command shows the
process as "CPSEMD".
From Expert shell:
evstart
or
cpwd_admin start -name CPSEMD -
path "$RTDIR/bin/cpsemd" -command
"cpsemd"
From Expert shell:
evstop
or
cpwd_admin stop -
name CPSEMD
dbsync
DBsync enables SmartEvent
to synchronize data stored
in different parts of the
network. In distributed
information systems DBsync
provides one-way
synchronization of data
between the Security
Management Servers object
database and the
SmartEvent computer, and
supports configuration and
administration of distributed
systems. DBsync initially
connects to the
Management Server, with
which SIC is established. It
retrieves all the objects and
after the initial
synchronization it gets
updates whenever an
object is saved.
command shows the
process as "DBSYNC".
From Expert shell:
evstart
or
cpwd_admin start -name DBSYNC -
path "$RTDIR/bin/dbsync" -command
"dbsync"
From Expert shell:
evstop
or
cpwd_admin stop -
name DBSYNC
postgres PostgreSQL server.
From Expert shell:
cpstart
From Expert shell:
cpstop
SmartLog
smartlog_server
SmartLog product.
command shows the
process as
"SMARTLOG_SERVER".
From Expert shell:
smartlogstart
From Expert shell:
smartlogstop
Internal CA
cpca
Check Point Internal
Certificate Authority:
SIC certificate pulling
Certificate enrollment
CRL fetch
Admin WebUI
From Expert shell:
cpstart
From Expert shell:
cpstop
Management Portal
cpwmd
Management Portal
(SmartPortal) daemon.
command shows the
process as "CPWMD".
From Expert shell:
cpwd_admin start -name CPWMD -path
"$WEBDIR/bin/cpwmd" -command
"cpwmd -D -app SmartPortal"
From Expert shell:
cpwd_admin stop -
name CPWMD
cp_http_server
HTTP Server for
Management Portal
(SmartPortal) and for OS
WebUI.
command shows the
process as "CPHTTPD".
From Expert shell:
cpwd_admin start -name CPHTTPD -
path "$WEBDIR/bin/cp_http_server"
-command "cp_http_server -f
'$MPDIR/conf/cp_httpd_admin.conf'"
From Expert shell:
cpwd_admin stop -
name CPHTTPD

Additional Processes
cplmd
On Management Server.
In order to get the data that
should be presented in
SmartView Tracker, FWM
spawns a child process CPLMD,
which reads the information from
the log file and performs
unification (if necessary). Upon
receiving an answer from CPLMD,
FWM transfers it to SmartView
Tracker.
From Expert shell:
cpstart
From Expert
shell:
cpstop
mpdaemon
On Security Gateway and
Management Server.
Platform Portal / Multi Portal
(https://IP_Address/).
Each portal has his own Apache
server (which can have multiple
processes).
'mpdaemon' process is responsible
for starting these web servers.
command shows the process as
"MPDAEMON".
From Expert shell:
cpwd_admin start -name MPDAEMON -
path "$CPDIR/bin/mpdaemon" -
command "mpdaemon
$CPDIR/log/mpdaemon.elg
$CPDIR/conf/mpdaemon.conf"
From Expert
shell:
cpwd_admin
stop -name
MPDAEMON
or
mpclient
stopall
avi_del_tmp_files
Management Server.
Shell script (from '$FWDIR/bin/')
that periodically deletes various
old temporary Anti-Virus files.
"CI_CLEANUP".
From Expert shell:
cpwd_admin start -name CI_CLEANUP
-path $FWDIR/bin/avi_del_tmp_files
-command "avi_del_tmp_files"
From Expert
shell:
cpwd_admin
stop -name
CI_CLEANUP
ci_http_server
On Security Gateway.
HTTP Server for Content
Inspection.
"CIHS".
From Expert shell:
cpwd_admin start -name CIHS -path
$FWDIR/bin/ci_http_server -command
"ci_http_server -j -f
$FWDIR/conf/cihs.conf"
From Expert
shell:
cpwd_admin
stop -name
CIHS
cpviewd
Management Server.
Check Point View ('cpview')
daemon.
"CPVIEWD".
From Expert shell:
cpwd_admin start -name CPVIEWD -
path "$FWDIR/bin/cpviewd" -command
"cpviewd"
From Expert
shell:
cpwd_admin
stop -name
CPVIEWD
cp_http_server
Management Server.
HTTP Server for OS WebUI and
Management Portal
(SmartPortal).
"CPHTTPD".
From Expert shell:
cpwd_admin start -name CPHTTPD -
path "$WEBDIR/bin/cp_http_server"
-command "cp_http_server -f
'$MPDIR/conf/cp_httpd_admin.conf'"
From Expert
shell:
cpwd_admin
stop -name
CPHTTPD
cpsnmpd
Management Server.
Listens on UDP port 260
and is capable of
responding to SNMP
queries for Check Point
OIDs only (under OID
.1.3.6.1.4.1.2620)
Accepts only SNMPv1
Supplied as a part of
Check Point Suite
($CPDIR/bin/cpsnmpd)
From Expert shell:
cpsnmpd -p 260
From Expert
shell:
killall
cpsnmpd

Related solutions
sk52421 (Ports used by Check Point software)
Give us Feedback
Rate this document
[1=Worst,5=Best]
Characters left: 2000
Copyright | Contact Us | Site Feedback | Privacy Policy | Site Map
2014 Check Point Software Technologies Ltd. All rights reserved.
Check Point Software Technologies, Inc. is a wholly owned
subsidiary of Check Point Software Technologies Ltd.
Additional comments...(Max 2000 characters allowed)

Checkpoint Processes and Daemons

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Checkpoint Processes and Daemons

Загружено:

Авторское право:

Доступные форматы

Home Products & Services Buy Support About Us

Вам также может понравиться