This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Contributor
Friday

Adding an entry to the connections table

Hi all!

In the R81.20 CLI Reference Guide, under fw tab section it shows this:

-a -e "<Entry>"

Adds the specified entry to the specified kernel table.

If a kernel table has the expire attribute, when you add an entry with the "-a -e <Entry>" parameter, the new entry gets the default table timeout.

You can use this parameter only on the local Security Gateway.

kamilazat_0-1720788416034.png

 

Warning - If you add a wrong entry, you can make your Security Gateway unresponsive.

 

I tried adding an entry in different formats in my lab, but every time the gateway became unresponsive (as warned). Now I have questions:

1. What is the 'right' entry that will not render the GW unresponsive? I used the 5-tuple format as stated in sk65133 to no avail.

2. Does connections table have an expire attribute? If yes where can I learn more about it?

Thanks as always!

0 Kudos
3 Replies
the_rock
Legend
Legend
Friday

Can you send an example you used? Happy to try in my lab.

 

Andy

0 Kudos
PhoneBoy
Admin
Admin
Friday

An exact example of what you tried would be helpful.
Having said that, adding or removing connection table entries from a live gateway is dangerous at best and not recommend.
Can you provide more details around WHY you are attempting to do this?

0 Kudos
kamilazat
Contributor
8 hours ago

Thank you for the inquiries.

I found out that it was possible while looking up potential solutions to "resurrecting" a connection back into connections table (as mentioned by Tim Hall in this post) for a customer. I found out in the documentation that it actually is possible to add an entry to kernel tables. So I started playing in my dummy lab. 
What I tried is to blindly add a connection entry using the 5-tuple format (from sk65133). And, of course, it rendered the gateway unresponsive and I had to revert to the previous snapshot.

We have opened a TAC case to troubleshoot the issue at hand. But since I started playing with connections table in a completely destroyable lab, I wanted to learn more about how it works and the reasons I'm failing in this. Maybe manually adding an entry is not possible in terms of connections table?

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events