How do you verify the Check Point kernel running on a firewall?
A. fw ctl get kernel
B. fw ctl pstat
C. fw kernel
D. fw ver -k
6 Comments on “How do you verify the Check Point kernel running on a firewall?”
Paul Bsays:
fw ctl pstat will display internal stats!!! The correct answer is, of course, D – fwver -k
0
0
Tony Unitsays:
Paul B is spot on, its D. fw ver -k
0
0
Gregsays:
Not so fast….. fw ver -k does provide the kernel VERSION, it does NOT tell you whether or not it is RUNNING. fw ctl pstat provides a list of statistics, including those about the kernel that could (arguably) be used to determine if it is/is not running, including:
Hash kernel memory (hmem) statistics:
Total memory allocated: 104857600 bytes in 25598 4KB blocks using 2 pools
Initial memory allocated: 20971520 bytes (Hash memory extended by 83886080 bytes)
Memory allocation limit: 419430400 bytes using 10 pools
Total memory bytes used: 18255740 unused: 86601860 (82.59%) peak: 45629060
Total memory blocks used: 6021 unused: 19577 (76%) peak: 12193
Allocations: 2058965552 alloc, 10735 failed alloc, 2058777958 free
Kernel memory (kmem) statistics:
Total memory bytes used: 126757668 peak: 156704076
Allocations: 2059036315 alloc, 0 failed alloc, 2058835617 free, 0 failed free
External Allocations: 0 for packets, 0 for SXL
Not sure I’m quite yet ready to stick a fork in this one….
0
0
Gregsays:
I don’t have a lab machine I can blow up. Can anyone confirm whether or not fw ver -k drops the kernel information should the kernel actually stop running?
0
0
Christian B.says:
I think the problem is with the question. It doesn’t ask if the kernel is running or not, it just says how do you verify the running kernel. The fw ver -k command will give you the kernel version.
0
0
rulassays:
the aswer is D. this is an output from one FW
# fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) R75.45 – Build 193
kernel: R75.45 – Build 193
fw ctl pstat will display internal stats!!! The correct answer is, of course, D – fwver -k
0
0
Paul B is spot on, its D. fw ver -k
0
0
Not so fast….. fw ver -k does provide the kernel VERSION, it does NOT tell you whether or not it is RUNNING. fw ctl pstat provides a list of statistics, including those about the kernel that could (arguably) be used to determine if it is/is not running, including:
Hash kernel memory (hmem) statistics:
Total memory allocated: 104857600 bytes in 25598 4KB blocks using 2 pools
Initial memory allocated: 20971520 bytes (Hash memory extended by 83886080 bytes)
Memory allocation limit: 419430400 bytes using 10 pools
Total memory bytes used: 18255740 unused: 86601860 (82.59%) peak: 45629060
Total memory blocks used: 6021 unused: 19577 (76%) peak: 12193
Allocations: 2058965552 alloc, 10735 failed alloc, 2058777958 free
System kernel memory (smem) statistics:
Total memory bytes used: 214028916 peak: 230531536
Blocking memory bytes used: 2902484 peak: 2942580
Non-Blocking memory bytes used: 211126432 peak: 227588956
Allocations: 70765 alloc, 0 failed alloc, 57659 free, 0 failed free
Kernel memory (kmem) statistics:
Total memory bytes used: 126757668 peak: 156704076
Allocations: 2059036315 alloc, 0 failed alloc, 2058835617 free, 0 failed free
External Allocations: 0 for packets, 0 for SXL
Not sure I’m quite yet ready to stick a fork in this one….
0
0
I don’t have a lab machine I can blow up. Can anyone confirm whether or not fw ver -k drops the kernel information should the kernel actually stop running?
0
0
I think the problem is with the question. It doesn’t ask if the kernel is running or not, it just says how do you verify the running kernel. The fw ver -k command will give you the kernel version.
0
0
the aswer is D. this is an output from one FW
# fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) R75.45 – Build 193
kernel: R75.45 – Build 193
0
0