This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-10-15 12:31 AM

R80.20 SecureXL + new chain modules + fw monitor

SecureXL has been significantly revised in R80.20. It now works in user space. This has also led to some changes in "fw monitor"

There are new fw monitor chain (SecureXL) objects that do not run in the virtual machine.

 

SecureXL offloading chain modules

 

# fw ctl chain

 

The new fw monitor chain modules (SecureXL) do not run in the virtual machine (vm).

 

SecureXL inbound (sxl_in)                 > Packet received in SecureXL from network

SecureXL inbound CT (sxl_ct)           > Accelerated packets moved from inbound to outbound processing (post routing)

 

SecureXL outbound (sxl_out)            > Accelerated packet starts outbound processing

SecureXL deliver (sxl_deliver)          > SecureXL transmits accelerated packet

 

 New vm chain modules in R80.20

 

There are more new chain modules in R80.20

 

vpn before offload (vpn_in)                  > FW inbound preparing the tunnel for offloading the packet (along with the connection)

fw offload inbound (offload_in)            > FW inbound that perform the offload

fw post VM inbound  (post_vm)            > Packet was not offloaded (slow path) - continue processing in FW inbound

 

# fw ctl chain

 

fw monitor chain keys

 

In Firewall kernel (now also SecureXL), each kernel is associated with a key (blue) witch specifies the type of traffic applicable to the chain modul.

 

# fw ctl chain

 

Key Function
ffffffff IP Option Stip/Restore
00000001 new processed flows
00000002 wire mode
00000003 will applied to all ciphered traffic (VPN)
00000000 SecureXL offloading (new in R80.20+)
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
6 Replies
christian_konne
Participant
‎2018-10-15 08:48 AM

Is this only valid for R80.20 or also for R80.10?

Cheers

Christian

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-10-15 08:53 AM

Hi christian,

only R80.20+

Regards,

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-03-09 12:44 PM

And R80.30EA

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
TheGrave
Contributor
‎2020-06-15 08:03 AM

Doesn't the ffffffff value actually mean that chain applies to all packets?
0 Kudos
_Val_
Admin
Admin
‎2020-06-15 11:51 PM
In response to TheGrave

Yes ti does.

0 Kudos
_Val_
Admin
Admin
‎2020-06-15 11:58 PM
In response to _Val_

In fact, here is the list:

in which mode this chain check
1 – stateful mode
2 – wired mode
3 – all packets
fff – al packets (same as 3)

0 is added, as @HeikoAnkenbrand said, but the rest of interpretation is a bit... off. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events