Firewall / IPS / IDS Configuration Tips and Tricks and more..
This blog was created to expand our knowledge of Checkpoint, Nokia IP, Nortel Switched Firewalls, Fortigate, Juniper, IBM ISS SiteProtector, IPS/IDS and more...
Friday, May 28, 2010
fw ctl or checkpoint tables details
Holidays are over, Checkpoint failures are back, so business as usual. Today I want to draw your attention to an often overlooked information source: the Checkpoint state tables. While running, the firewall creates, keeps and updates the various tables it needs to function correctly. These tables contain parameters that are mostly of use to the firewall itself, but you can query them on the CLI and sometimes flush them as well.

To see all tables with their contents, type:
[Expert@Hollywood]# fw tab

To see only the table names:
[Expert@Hollywood]# fw tab | grep "\-\-\-\-\-\-\-"
Now a roundup of some tables that, for one reason or another, are useful and that you should know about.
NOTE: when a service is not loaded, the corresponding table is not loaded either:
# fw tab -t http_av_scan_exclusion
Table http_av_scan_exclusion not loaded: Invalid argument
Most of the time the values in these tables are presented as integers or hex values, and almost always they contain IP addresses. Adding the -f option to the command deciphers the output a bit, but not completely, so an IP integer-to-dotted-decimal converter will be very handy.
To see the local encryption domain of this gateway without opening SmartDashboard:
# fw tab -f -t vpn_enc_domain
List all NAT rules.
Some explanation first: here all IP addresses are shown in hexadecimal representation. To translate one to the usual dotted-decimal form I convert Hex -> Integer (say, using calc.exe), then Integer -> dotted decimal using some Internet converter. Comments in () are mine.
# fw tab -f -t NAT_rules
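As an added example (not from the original post), here is a small POSIX shell script that does the Hex -> Integer -> dotted-decimal conversion described above for the vpn_enc_domain and NAT_rules output directly in the expert shell, so no calculator or web converter is needed. It assumes that IPv4 addresses appear in the table dump as runs of exactly 8 hex digits (with or without a 0x prefix); the sample lines it decodes at the end are constructed, not real fw tab output.

```shell
#!/bin/sh
# Added example: decode hex IPv4 addresses in fw tab output to dotted decimal.
# Assumption: addresses appear as exactly 8 hex digits, optionally prefixed 0x.

# hex2ip VALUE: convert one 32-bit hex value (e.g. c0a80101) to dotted decimal.
hex2ip() {
    h=${1#0x}
    h=${h#0X}
    n=$(( 0x$h ))
    printf '%d.%d.%d.%d\n' \
        $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
        $(( (n >> 8) & 255 ))  $(( n & 255 ))
}

# decode_hex_ips: read lines on stdin and replace every run of exactly
# 8 hex digits with its dotted-decimal form; everything else is kept as-is,
# so the table structure (< >, commas, semicolons, counters) stays readable.
decode_hex_ips() {
    awk '
    function hex2int(s,    i, v) {
        v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
        return v
    }
    function int2ip(v) {
        return sprintf("%d.%d.%d.%d",
            int(v / 16777216) % 256, int(v / 65536) % 256,
            int(v / 256) % 256, v % 256)
    }
    {
        out = ""; rest = $0
        while (match(rest, /[0-9a-fA-F]+/)) {
            tok = substr(rest, RSTART, RLENGTH)
            out = out substr(rest, 1, RSTART - 1)
            if (length(tok) == 8) out = out int2ip(hex2int(tok))
            else out = out tok
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }'
}

# Constructed sample lines in the style of a table dump (not real output).
# On a gateway you would pipe the real dump instead, e.g.:
#   fw tab -f -t NAT_rules | decode_hex_ips
printf '<c0a80100, c0a800ff>\n<0a000000, 0000ffff; 1>\n' | decode_hex_ips
```

Single values can be converted with hex2ip, whole dumps with decode_hex_ips; the awk part avoids gawk-only functions such as strtonum so it also runs on the older awk found on firewall appliances.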