This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
HeikoAnkenbrand
Ruby
‎2019-05-22 11:51 PM

Check Inbound and Outbound TCP Sequece Numbers on R80.20+

Incoming and outgoing TCP sequence numbers should not be changed at the Check Point firewall. I have always asked myself how this can be explained and I have come to the following solution!

This can be checked with the following one-liner:

 

fw ctl zdebug + packet |grep -A 5 "==I\|==O" |grep -B 5 '<IP-ADDRESS>' |grep "==I\|==O\|Device"

 

Change the <IP-ADDRESS> in the one-liner to your device.


SEQUENZ.png

Please note that "fw ctl zdebug" can cause performance problems on firewalls.

More see here:
"fw ctl zdebug" Helpful Command Combinations

Tags (1)
Reply
1 Reply
Highlighted
Ilan_Khoushy
Ivory
‎2019-06-06 04:32 AM

Re: Check Inbound and Outbound TCP Sequece Numbers on R80.20+

The oneliner is a little different at R77.30.

0 Kudos
Reply