This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_Kumar
Explorer
‎2018-12-18 04:09 AM

Delete a specific connection entry in Checkpoint Gateway

Hi Guys,

I want to find out stale entries in connection table in Checkpoint gateway and want to delete a specific entry from table..

I got some script over internet but that is not certified with Checkpoint so do want to try directly.

Thanks!

Arun Kumar

2 Replies
Alisson_Lima
Contributor
‎2018-12-18 05:28 AM

Hi Arun Kumar,

I recommend you follow the SK103876, but is stressful situation calculating HEX numbers of connections. And then, Kaspars Zibarts‌ wrote a excellent article here about a good method to do it:

How to manually delete an entry from the Connections Table 

Regards,

Alisson Lima

0 Kudos
Daniel_Betancou
Employee
Employee
‎2018-12-18 06:04 AM

There is not out of state entries on the connection table. the security gateway does not storage them, for example if you are under a DDoS attack millions of ACK will arrive to the gateway but non of them will be save on the connection table. for obvious reasons.

You can delete an specific entry with the command bellow however is not recommended on production environments :

fw tab -t connections -x -e <5 touple on HEX >

Example :
fw tab -t connections -x -e  0000020,ad1e2f98,0000cb08,ab1aa870,0000470c,00000006 

to see your connection table :
#fw tab -t 8158

after the connection is delete you will have some out of state drops until the connection is established once again. 
 

0 Kudos