- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix! 
All Videos In One Space
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Incoming and outgoing TCP sequence numbers should not be changed at the Check Point firewall. I have always asked myself how this can be explained and I have come to the following solution!
This can be checked with the following one-liner:
fw ctl zdebug + packet |grep -A 5 "==I\|==O" |grep -B 5 '<IP-ADDRESS>' |grep "==I\|==O\|Device"
Change the <IP-ADDRESS> in the one-liner to your device.
Please note that "fw ctl zdebug" can cause performance problems on firewalls.
More see here:
"fw ctl zdebug" Helpful Command Combinations
