jk
Explorer

INSPECT language

I searched quite a bit, and I couldn't find any proper documentation about the syntax of INSPECT. A few lines in an introduction to fw monitor, a ten-year-old online course site which I doubt is up-to-date, and that's about it. Is there a good resource on this, short of cracking open my lab SMS and dissecting the INSPECT code present there?

0 Kudos
4 Replies
PhoneBoy
Admin

We haven't published documentation about INSPECT since version 2 of the product.
The basic syntax of INSPECT hasn't changed in quite some time.
We generally don't support custom-written INSPECT code, except for the limited purposes of using fw monitor.
Can you explain what you're trying to achieve?
0 Kudos
jk
Explorer

Well, mostly curiosity and a bit of hacker instinct, I guess. More concretely I was hoping to understand the underlying implementation of the packet filtering process to be able to reason about performance on a deeper level than "rules with lots of hits go on top".

 

My concrete application, if you want to call it that: It's been irking me for a while that in SmartConsole the presentation of the rules is deeply tied up with their implementation. This has led me to wonder if one couldn't build an alternative, more declarative interface, with the generation of the actual policy and optimization based on past rule hits taken care of by some piece of translator software. And this is where INSPECT comes in, cutting out the middleman mgmt_cli: It's definitely possible to do this via the existing tools, generating an Original Flavor ruleset from a declarative specification, but if possible it'd be better to avoid that detour. No dependencies regarding specific interface implementations, better reasoning about performance, hell, maybe even greater potential for optimization due to lower-level access. And yeah, greater potential for accidentally breaking things - I guess that's why you don't release documentation, isn't it?

0 Kudos
Timothy_Hall
Legend

But what about the 20 pages in Chapter 14 of your book "Essential Check Point Firewall-1 NG"?

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin

"We" being Check Point 😉
