Tuesday, May 17, 2011

How to restart the fwd process in Checkpoint Firewalls

There are times when you have to restart the fwd daemon. You might have to do this when the firewall starts logging locally, when a runaway process causes high CPU usage on the firewall, or when the firewall starts dropping packets for reasons that are not well understood. You can restart the firewall daemon (the fwd process) through the watchdog service, using the cpwd_admin commands below.

There are a few ways of restarting the fwd process. This is one of the best ways of doing it.

Stop fwd:
cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"

Start fwd:
cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"

Example:

CheckpointFW[admin]# cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"
cpwd_admin:
Process FWD (pid=1336) stopped with command 'fw kill fwd'. Exit code 0.
CheckpointFW[admin]# ps -aux | grep fwd
root 626 0.0 0.1 256 1076 ?? Is 22Sep06 0:00.01 /opt/CPfw1-R55p/bin/ifwd
CheckpointFW[admin]# cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"
cpwd_admin:
Process FWD process has been already terminated
CheckpointFW[admin]# cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"

cpwd_admin:
Process FWD started successfuly (pid=24095)
CheckpointFW[admin]#
CheckpointFW[admin]#
CheckpointFW[admin]# ps -aux | grep fwd
root 24095 12.3 1.2 21204 25008 ?? Ds 4:11AM 0:01.36 fwd (fw)
root 626 0.0 0.1 256 1076 ?? Is 22Sep06 0:00.01 /opt/CPfw1-R55p/bin/ifwd
root 24148 0.0 0.0 404 224 p0 S+ 4:11AM 0:00.01 grep fwd
CheckpointFW[admin]# exit

Note: This resets the existing VPN tunnels, so check the existing VPN tunnels using the vpn tu command before using this command.

There are also other ways to restart the fwd daemon. Another way of doing it is to kill the fwd process.

You can also use the fwstop and fwstart commands to restart the fwd process.
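
The cpwd_admin stop/start sequence from the transcript above, wrapped as a shell function that verifies each step (an added example, not part of the original post). The function names are hypothetical, the 10-second wait and 2-second settle delay are arbitrary choices, and the ps column layout is assumed to match the transcript.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the cpwd_admin invocations are the ones shown in the post.

# Constructed sample: the three `ps -aux | grep fwd` lines from the transcript.
SAMPLE_PS='root 24095 12.3 1.2 21204 25008 ?? Ds 4:11AM 0:01.36 fwd (fw)
root 626 0.0 0.1 256 1076 ?? Is 22Sep06 0:00.01 /opt/CPfw1-R55p/bin/ifwd
root 24148 0.0 0.0 404 224 p0 S+ 4:11AM 0:00.01 grep fwd'

# Read `ps -aux` output on stdin and print the PID of every process whose
# command name is exactly "fwd". Assumes the 11-column layout seen in the
# transcript (command in field 11), so ifwd and the grep itself are skipped.
fwd_pids() {
    awk '{ cmd = $11; sub(/.*\//, "", cmd); if (cmd == "fwd") print $2 }'
}

# Read cpwd_admin output on stdin and print the PID from "(pid=N)".
cpwd_pid() {
    sed -n 's/.*(pid=\([0-9][0-9]*\)).*/\1/p' | head -n 1
}

# Stop fwd, wait until it is really gone, start it, then confirm that the PID
# cpwd_admin reported is a live fwd process. Returns 0 only on that match.
restart_fwd() {
    cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"
    tries=0
    while [ -n "$(ps -aux | fwd_pids)" ]; do
        tries=$((tries + 1))
        if [ "$tries" -gt 10 ]; then   # arbitrary 10-second limit
            echo "fwd still running after stop" >&2
            return 1
        fi
        sleep 1
    done
    out=$(cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd")
    echo "$out"
    new_pid=$(echo "$out" | cpwd_pid)
    [ -n "$new_pid" ] || { echo "no pid reported by cpwd_admin" >&2; return 1; }
    sleep 2   # arbitrary delay so fwd shows up in the process table
    ps -aux | fwd_pids | grep -qx "$new_pid"
}
```

Source the file on the firewall and call restart_fwd; a non-zero return means fwd either did not stop or did not come back under the PID the watchdog reported.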