topic R81.20 SAM RULE CLI in Firewall and Security Management

R81.20 SAM RULE CLI

Benny_On — Thu, 12 Sep 2024 10:11:02 GMT

Hi everyone,

I'm newbie with Checkpoint Gaia. I want configure a SAM Rule through CLI on SMS, but cheat sheet is hard to understand.

How to set a CLI command to "Drop icmp service from source 10.10.10.2 to dest 192.168.1.2 on Gateway name: CP-GW and expired time is 1 hour ?

Thank & best regard.

Benny_On

Re: R81.20 SAM RULE CLI

PhoneBoy — Thu, 12 Sep 2024 21:29:04 GMT

ICMP is protocol 1.
I believe (but am not certain) the various ICMP types codes would be the service.
This means to block ICMP Echo Request for an hour: fw sam -s CP-GW -t 3600 -j srv 10.10.10.2 192.168.1.2 1 1

Re: R81.20 SAM RULE CLI

Benny_On — Fri, 13 Sep 2024 03:11:41 GMT

Dear PhoneBoy,

Thank you for your answer,

According to your CLI and cheat sheet, I understand following:
-s: Gateway Server
-t: Timeout in seconds
-j: Drop connection
srv: <src ip> <dst ip> <service> <protocol>

Seem like, SAM rule require the parameters go in order. In the other example: Drop all connection to dst_ip 192.168.2.2 all service for an hour: "fw sam -s CP-GW -t 3600 -j any dst 192.168.2.2" --> Is this command is right ?

Best regard,

Benny_On

Re: R81.20 SAM RULE CLI

PhoneBoy — Fri, 13 Sep 2024 13:25:02 GMT

When entering any CLI command (including fw sam), flags/switches to the command with their arguments (e.g. -s CP-GW) are specified before other arguments.
The "other arguments" in this case are the criteria listed in the fw sam help and must be listed in the exact order.

If your goal is is to drop all packets to destination IP 192.168.2.2 (regardless of source), the command is: fw sam -s CP-GW -t 3600 -j dst 192.168.2.2