Create a Post
Showing results for 
Search instead for 
Did you mean: 

Kernel modules and chain modules

Hi all!

I am wondering about the relationship between kernel modules and the firewall chain (fw ctl debug -m & fw ctl chain)
I've gone through sk98799, but it raised a few questions for me.

As I understand, I can see which modules are active on the firewall by running fw ctl debug -m command.
And the chains (fw ctl chain) is the path/order of which the Check Point kernel will handle the traffic, based on configuration different modules will be enabled and since they are divided into the chains, the number of chains will be different. 
Is my understanding of the kernel modules and chains correct?

I get a bit confused regarding how to know where to perform the debug. Based on research on various forums & other locations, I've come to understand that several modules can work within one chain, for example "VM" chain module.

But how do I know where in the chain a module is working for example WS or RTM module?

As a general question as well, what does the output of fw ctl conn -a mean?

Thanks in advance!

0 Kudos
1 Reply

Re: Kernel modules and chain modules

The items listed in fw ctl chain will depend on which features are enabled, thus the number of modules listed will vary from system to system.

Different modules serve different functions and I would defer to specific SKs where these are detailed or conversations with the Check Point TAC as to which modules to debug in which circumstances.

As some functions cross modules, it's possible multiple modules require debugging, which is why the answer is largely situation specific.

fw ctl conn -a is a command I am not familiar with.

It is mentioned in the following sks:

fwsync: there is a different installation of Check Point's products on each member of this clus... 

Connections Table Format 

0 Kudos