https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108836#M20712 <P>Hello,</P><P>I came across this topic&nbsp;<A href="https://community.checkpoint.com/t5/General-Topics/SecureXL-Connections-Table/td-p/16889," target="_blank">https://community.checkpoint.com/t5/General-Topics/SecureXL-Connections-Table/td-p/16889,</A>&nbsp;Timothy_Hall had a comment :</P><P><SPAN>"the connection is NATted there are four separate flows being tracked (c2s/outbound pre-NAT, c2s/outbound post-NAT, s2c/inbound pre-NAT, s2c/inbound post-NAT)."</SPAN></P><P><SPAN>This could answer my first question <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</SPAN></P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P> Tue, 26 Jan 2021 08:43:58 GMT Equipe_reseau 2021-01-26T08:43:58Z https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108701#M20685 <P>Hello all,<BR />I have a small question about the proportion and some involved position of the connections located on connections table (fw tab -t connections)<BR />If A(client) connects to B(server), it could be generated as follow:<BR />&lt;0, Client_IP, Client_Port, Server_IP, Server_Port, Protocol_Number&gt; = Client side, inbound<BR />&lt;1, Client_IP, Client_Port, Server_IP, Server_Port, Protocol_Number&gt; = Server side, outbound<BR />&lt;0, Server_IP, Server_Port, Client_IP, Client_Port, Protocol_Number&gt; = Server side, inbound<BR />&lt;1, Server_IP, Server_Port, Client_IP, Client_Port, Protocol_Number&gt; = Client side, outbound<BR />But If A is NATted (I called A+), what will we have?<BR />As my investigation, the third entry will be changed :<BR />&lt;0, Server_IP, Server_Port, A+, Client_Port, Protocol_Number&gt; = Server side, inbound<BR />Am I correct?</P><P>So much confusion when looking at tables of checkpoint kernel :))</P><P>Another thing,what is the format of table cphwd_db(fw tab -u -t cphwd_db).<BR />I followed sk41618 which give a description:</P><P>&lt;Source_IP, Source_Port, Dest_IP, Dest_Port, Proto; Bitmask_of_SecureXL_Flags, Pointer&gt;</P><P>In fact, the output is quite different :</P><P>Example:<BR />&lt;01010101,0000d80f, ,02020202,00000006; 0004000d, 00002aaa, ac697fb8, 00002aaa&gt; ==&gt; which one is Bitmask_of_SecureXL_Flags?</P><P>Thank for your help.</P> Mon, 25 Jan 2021 04:48:37 GMT https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108701#M20685 Equipe_reseau 2021-01-25T04:48:37Z https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108705#M20687 <P>I haven't looked at the connections table in detail in a while, but logically what you say makes sense.<BR />The contents of cphwd_db are a bit different likely because the last time the SK was updated was...2014.<BR />I recommend leaving feedback on the SK to ensure it gets updated.<BR />Meanwhile, I'll "phone a friend." <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 25 Jan 2021 05:04:51 GMT https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108705#M20687 PhoneBoy 2021-01-25T05:04:51Z https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108836#M20712 <P>Hello,</P><P>I came across this topic&nbsp;<A href="https://community.checkpoint.com/t5/General-Topics/SecureXL-Connections-Table/td-p/16889," target="_blank">https://community.checkpoint.com/t5/General-Topics/SecureXL-Connections-Table/td-p/16889,</A>&nbsp;Timothy_Hall had a comment :</P><P><SPAN>"the connection is NATted there are four separate flows being tracked (c2s/outbound pre-NAT, c2s/outbound post-NAT, s2c/inbound pre-NAT, s2c/inbound post-NAT)."</SPAN></P><P><SPAN>This could answer my first question <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</SPAN></P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P> Tue, 26 Jan 2021 08:43:58 GMT https://community.checkpoint.com/t5/General-Topics/Question-about-connections-table-and-cphwd-db-table/m-p/108836#M20712 Equipe_reseau 2021-01-26T08:43:58Z