How to extract the configuration for Check Point devices via the CLI
You can use the CLI to establish the trust relationship and to connect and get you Check Point Firewall configuration.
Please Note: This guide is for Nipper (v2) only.
It is recommended you review the main device guide: How can I remotely audit Check Point R80 devices with Nipper?
Check Point configuration retrieval via the CLI
To do so, you can specify a remote device by using the --remote-device parameter, which takes the IP address of you Check Point firewall as the argument.
You will then need to add the following options, --Check Point, which specifies this is a remote Check Point device, --username, which is the administrative username for the device, --password, which is the corresponding password, and finally -- objectname, which is the name of the object that you specified when setting up the Check Point Firewall.
If you have yet to get the certificate from the device you will be prompted to continue, and then to enter the one-time password, otherwise Nipper will carry on and retrieve the configuration.
You can add additional arguments to the command line, just like normal, and Nipper will process them, the Check Point device (assuming the configuration was retrieved successfully) will be treated like any other device that might have been specified.
The below images demonstrate using the command line on Windows. For Linux, the commands and options are the same.