Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Olga_Kuts
Advisor
Jump to solution

How to see what firewall rules match some traffic

I need to see what firewall rules match some traffic. There are a lot of rules in my policy, accordingly, not all rules are logged. What kind of debug and which flags can I use for this purpose (except the flag "conn")? Or what method can I use for this purpose?

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority

Not exactly what you want, but sort of

https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands#comment-14596 

EDIT: Check this thread:

CPT - Check Point Packet Trace Utility ? 

EDIT2:

And the winner is (hidden tool in R80):

fw up_execute 

Kind regards,
Jozko Mrkvicka

View solution in original post

9 Replies
G_W_Albrecht
Legend Legend
Legend

Maybe this helps: sk85780 - How to use the 'connstat' utility

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Olga_Kuts
Advisor

Unfortunately, no. Connstat we can use only for Windows. For Gaia we can use CPmonitor, but is not supported on a 64-bit based OS.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I do not understand - you can collect the table using

fw tab -t connections -u > /var/log/Connections_Table.txt

transfer it to the PC and run the utility with the relevant flags:

C:\> connStat.exe -f Name_of_Table_File.txt [-a|-c|-s|-r|-l|-p|-d|-n <number>] > Name_of_Output_File.txt

Also, CPMonitor 32bit limitation should not apply here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Olga_Kuts
Advisor

Thanks for explanation, but it does not suit me, unfortunately.

I need to see what rule number match traffic with specific dst and src address.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Now i understand! This is all in the used connections table, but you must analyze it yourself, see sk65133: Connections Table Format

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JozkoMrkvicka
Authority
Authority

Not exactly what you want, but sort of

https://community.checkpoint.com/thread/5319-my-top-3-check-point-cli-commands#comment-14596 

EDIT: Check this thread:

CPT - Check Point Packet Trace Utility ? 

EDIT2:

And the winner is (hidden tool in R80):

fw up_execute 

Kind regards,
Jozko Mrkvicka
Olga_Kuts
Advisor

fw up_execute is a winner, you are right)

RickHoppe
Advisor
No need to go into CLI, you can use Packet Mode in SmartConsole R80.10+. See https://community.checkpoint.com/thread/5233-packet-mode-a-new-way-of-searching-through-your-securit...


My blog: https://checkpoint.engineer
Alexander_Baue1
Contributor

Hello
The easy Way enable on Smart Console the Option Hit than you can see if the all the Policys are in use.
Alexander

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events