Olga_Kuts
Silver

How to see what firewall rules match some traffic


I need to see what firewall rules match some traffic. There are a lot of rules in my policy, and accordingly not all rules are logged. What kind of debug and which flags can I use for this purpose (except the flag "conn")? Or what method can I use for this purpose?


Accepted Solutions
JozkoMrkvicka
Platinum

Re: How to see what firewall rules match some traffic


Not exactly what you want, but sort of

https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands#comment-14596 

EDIT: Check this thread:

CPT - Check Point Packet Trace Utility ? 

EDIT2:

And the winner is (hidden tool in R80):

fw up_execute 

Kind regards,
Jozko Mrkvicka


9 Replies

Olga_Kuts
Silver

Re: How to see what firewall rules match some traffic


Unfortunately, no. We can use ConnStat only on Windows. For Gaia we can use CPMonitor, but it is not supported on a 64-bit based OS.


Re: How to see what firewall rules match some traffic


I do not understand - you can collect the table using

fw tab -t connections -u > /var/log/Connections_Table.txt

transfer it to the PC and run the utility with the relevant flags:

C:\> connStat.exe -f Name_of_Table_File.txt [-a|-c|-s|-r|-l|-p|-d|-n <number>] > Name_of_Output_File.txt

Also, CPMonitor 32bit limitation should not apply here.

Olga_Kuts
Silver

Re: How to see what firewall rules match some traffic


Thanks for the explanation, but it does not suit me, unfortunately.

I need to see which rule number matches traffic with a specific dst and src address.


Re: How to see what firewall rules match some traffic


Now I understand! This is all in the used connections table, but you must analyze it yourself, see sk65133: Connections Table Format


Olga_Kuts
Silver

Re: How to see what firewall rules match some traffic


fw up_execute is a winner, you are right)

RickHoppe
Silver

Re: How to see what firewall rules match some traffic

No need to go into CLI, you can use Packet Mode in SmartConsole R80.10+. See https://community.checkpoint.com/thread/5233-packet-mode-a-new-way-of-searching-through-your-securit...


My blog: https://checkpoint.engineer

Re: How to see what firewall rules match some traffic


Hello,
The easy way: enable the Hit option in SmartConsole, then you can see whether all the policies are in use.
Alexander
