topic Re: cli logs in General Topics

cli logs

ebinva — Mon, 24 Feb 2025 18:59:13 GMT

Hi all,

I need syntax of the command , which provide complete details of traffic flow including details of tcp state, inbound and outbound,rule name, service , conn module details on checkpoint firewall live logs for tcpdump or Fw monitor.

Re: cli logs

_Val_ — Mon, 24 Feb 2025 20:07:22 GMT

This is probably more than a single command. Also, logs are usually sent to the management and handled there.

Can you elaborate on your usecase?

Re: cli logs

the_rock — Mon, 24 Feb 2025 20:50:53 GMT

As Val said, definitely more than a single command.

Andy

Re: cli logs

ebinva — Mon, 24 Feb 2025 20:57:15 GMT

there is a traffic between particular source and destination on specific port, we need to check inbound and outbound traffic flow of packet with details of tcp details, connect status ,rule for accepting or rejecting etc.

Re: cli logs

the_rock — Mon, 24 Feb 2025 21:00:09 GMT

So for rule accepting, you can use below examples:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/FWG/fw-up_execute.htm

For traffic itself, try something like below and -F flag can be used as many times as you like.

fw monitor -F "1.1.1.1,0,2.2.2.2,4434,0" -F "2.2.2.2,0,1.1.1.1,4434,0"

In that example, 1.1.1.1 is src, 2.2.2.2 is dst and logic is like this:

src ip, src port, dst ip, dst port, protocol

Andy

Re: cli logs

Bob_Zimmerman — Mon, 24 Feb 2025 21:35:38 GMT

Pretty sure you can only provide up to five -F flags. Also, I'm not aware of any way to do partial matches (e.g, to match a source network), only an exact value or a whole-field wildcard, so it's easy to burn through those five when troubleshooting all but the most trivial flows.

Re: cli logs

the_rock — Mon, 24 Feb 2025 21:52:45 GMT

Thanks Bob, thats good to know. I thought it was as many -F flags as you needed.

Andy