I've been trying to understand all the Check Point terms for the last 25 years. Here is my Top 100 list of terms that might help you.
The following terms are used on CLI for firewall debug, processes and daemon:
accel SecureXL
acct Application Control accounting
advp advanced patterns (signatures over port ranges)
APPI Application Control
aspii Accelerated Stateful Protocol Inspection Infrastructure (INPSECT streaming)
async IA checking known network
av Anti-Virus inspection
avi_del_tmp_files Shell script that periodically deletes various old temporary Anti-Virus files
balance ConnectControl -logical servers in kernel , load balancing
btime browse time
cache_tab cachetable infrastructure
ccp Cluster Control Protocol (CCP)
cgnat Carrier Grade NAT (CGN/CGNAT)
chain chain modules
chainfwd chain forwarding - cluster
chainq QoS holding and releasing packets during critical actions (policy install / uninstall)
CI Content Inspection
ci_http_server HTTP Server for Content Inspection
clishd Gaia Clish CLI interface process - general information for all Clish sessions
clish Gaia Clish CLI interface
clob data classification-Classification Object (CLOB)
cloningd Cloning Groups daemon
cluster ClusterXL
cmi Context Management Infrastructure
cmi_inspect cmi_loader - INSPECT code
cmi_loader CMI loader
cmi_module cmi_loader module operations -initialization, module loading, calls to module, contexts, etc.
confd Database and configuration
conn Connections Table issues
connstats connections statisticsfor Evaluation of Heavy Connectionsin CPView (refer to sk105762)
context operations on Memory context and CPU context
CPAS CPAS (Check Point Active Streaming)
cpca Check Point Internal Certificate Authority (ICA)
cpcode Data LossPrevention (DLP) CPcode
cpd Check Point processes / daemon
cpdiag CPDiag operations
cp_file_convert Used to convert various file formats to simple textual format for scanning by the DLP engine
cphaconf installs cluster configuration or CLI command 🙂
cphamcset Clustering daemon
cphaprob Process that lists the state of cluster members or CLI command 🙂
cphastart Starts the cluster and state synchronization.
cphastop Stops the cluster and state synchronization
cp_http_server HTTP Server for Management Portal (SmartPortal) and for OS WebUI
cp_http_server HTTP Server for OS WebUI and Management Portal
cplmd get the data that should be presented in SmartView Tracker
cpm Check Point management daemon (PostgreSQL and SOLR databases)
cposd SMB-specific daemon responsible for OS Networking operations
cprid Check Point Remote Installation Daemon
cprid_wd WatchDog for Check Point Remote Installation Daemon
cpsead Responsible for Correlation Unit functionality
cpsemd Responsible for logging into the SmartEvent GUI
cpsnmpd SNMP queries for Check Point OIDs
cpstat_monitor Process is responsible for collecting and sending information to SmartView Monitor
cptls CRYPTO-PRO Transport Layer Security (HTTPS inspection)
cpviewd CPView Utility daemon (sk101878)
cpview_historyd CPView Utility History daemon (sk101878).
cpwd WatchDog monitors critical processes such as Check Point daemons
cpwmd Check Point Web Management daemon
crypto basic information about encryption and decryption
cserver Check Server that either stops or processes the e-mail
ctasd Commtouch Anti-Spam daemon
ctipd Commtouch IP Reputation daemon.
cu Connectivity Upgrade (sk107042)
cvpnd Back-end daemon of the Mobile Access Software Blade
cvpnd processingof connections handles by Mobile Access daemon
cvpnproc Offload blocking commands from cvpnd
CvpnUMD Report SNMP connected users to AMON
DAService Check Point Upgrade Service Engine (CPUSE) - (sk92449)
dbsync DBsync enables SmartReporter to synchronize data stored in different parts of the network.
dbwriter Offload database commands from cvpnd and synchronize with other members
dfa Pattern Matcher (Deterministic Finite Automaton) compilation and execution
df Decision Function -decides, which member will handle each packet in a Load Sharing mode
dfilter debug filteroperations
dhcpd DHCP server daemon
dlpda Data LossPrevention (DLP) Download Agent
dlp Data Loss Prevention
dlp_fingerprint Used to identify the data according to a unique signature
dlpk Data LossPrevention (DLP) Kernel Module
dlpu DLP process - receives data from Check Point kernel.
dlpuk Data LossPrevention (DLP) User Module
dnstun DNS tunnels
domain DNS queries
dos DDoS attack mitigation(part of IPS)
dropbear Lightweight SSH server on SMB appliance
dynlog dynamic log enhancement (INSPECT logs)
fg FloodGate-1 (QoS)
FILEAPP File Application
filecache Content Awareness file caching
flofiler Flow profiler
fwapp information about policy installation for FireWall application
fwd Firewall processes / daemon
fwdlp DLP core engine that performs the scanning / inspection
fw Firewall
fwm Communication between SmartConsole applications and Security Management Server
fwpushd Mobile Access Push Notifications daemon
fwstats FW-1 statistics
fwucd DLP UserCheck back-end daemon that sends approval / disapproval requests to user
ghtab multi-threaded safe global hash tables
glue glue layer messages
gtp GPRS Tunneling Protocol(GTP)
gtp GTP (GPRS Tunneling Protocol)
h323 VoIP H.323
htab multi-threaded safe hash table
httpd2 Web server daemon (Gaia Portal)
httpd Endpoint Policy Management Server
httpd Front-end daemon of the Mobile Access Software Blade (multi-processes)
IA_htab IA checking for network IP address, working with kernel tables
ICAP_CLIENT Internet Content Adaptation Protocol client
IDAPI Identity Awareness
ifnotify notification of changes in interface status -up or down (received from OS)
in.acapd Packet capturing daemon for SmartView Tracker logs
in.emaild.mta E-Mail Security Server
in.emaild.pop3 POP3 Security Server that receives e-mails sent by user
in.emaild.smtp MTP Security Server that receives e-mails sent by user and sends them to their destinations
in.geod Updates the IPS Geo Protection Database
in.msd Mail Security Daemon that queries the Commtouch engine for reputation.
interpreter Process is responsible for Compliance Blade database scan.
ioctl IOCTL control messages -communication between kernel and daemon
ipopt IP options enforcement
java_solr Events are stored in the SOLR database (Jetty Server) part of cpm
kbuf kernel-buffer
kissd KISS –used for kernel memory management
kissflow Kernel Infrastructure Flow
kiss Kernel Infrastructure
kisspm Kernel Infrastructure Pattern Matcher
kqstats Kernel Worker thread statistics mechanism
kw Kernel Worker state and Pattern Matcher inspection
ld kernel dynamic tables infrastructure -reads from / writes to the tables
lea_session LEA OPSEC session
lea LEA OPSEC - logs
llq QoS low latency queuing
log_consolidator Log Consolidator for the SmartReporter product
log_indexer R80 Log indexer
lpd Log Parser Daemon – Search predefined patterns in log files
mab Mobile Access handler
machine INSPECT Virtual Machine
MALWARE Malware (Threat Prevention)
mem_pool memory pool
mgcp Media Gateway Control Protocol
mgr policy installationmanager
misc miscellaneous helpful information
misp ISP Redundancy
mmagic MAC magic - operations (getting, setting, updating, initializing, dropping,etc.)
monitorall debug -> fw monitor -p all
monitord Hardware monitoring daemon
monitor debug -> fw monitor
MoveFileDemuxer Related to MoveFileServer process (moving files between cluster members)
MoveFileServer Move files between cluster members in order to perform database synchronization
mpdaemon Apache server (which can have multiple processes for starting these web servers.
mrtsync synchronization (in kernel) between cluster members of Multicast Routes
msnms MSN over MSMS(MSN Messenger protocol)
mspi information related to creation and destruction of MSA / MSPI
mtctx multi-threaded context -memory allocation, reference count
multik CoreXL -> Multi-Kernel Inspection
mutex Unified Policy internal mutex operations
nac Network Access Control (NAC)
NRB Next Rule Base
ntup Non-TCP / Non-UDP traffic policy (traffic parser)
om_alloc allocationof Office Mode IP addresses
osu cluster Optimal Service Upgrade(sk107042)
packet_err invalid packets, for which dispatching decision can’t be made
packval statelessverifications -sequences, fragments, translations and other header verifications
parser file parsing or CMI parser
parsers_is cmi_loader parsers infrastructure
pcktdmp dumps the encryptedpackets before encryption/ decryptedpackets after decryption
pcre Perl Compatible Regular Expressions
pdpd IA Policy Decision Point daemon
pepd IA Policy Enforcement Point daemon
per_conn messages per connection (when a new connection is handled by RTM)
per_pckt messages per packet (when a new packet arrives is handled by RTM) or "con_conn"
Pinger Reduce the number of httpd processes performing ActiveSync.
pkt_dump traffic packet dump
pkxld Performs asymmetric key operations for HTTPS Inspection
PM_compile Pattern Matcher -pattern compilation
pmdump Pattern Matcher - DFA (dumping XMLs)
pm Gaia OS Process Manager
pmint Pattern Matcher compilation
pm Pattern Matcher - compilation and execution
pnote registering and monitoring of critical ClusterXL Devices
portscan port scanning prevention mechanics
postgres PostgreSQL server
prof Firewall Priority Queues-connection profiler (refer to sk105762)
q driver queue
qosaccel QoS acceleration
qos QoS (FloodGate-1)
queue Kernel Worker thread queues
quota cross-instance quota table
RAD_KERNEL Resource Advisor Kernel
rad Resource Advisor
rconfd Provisioning daemon
rem Regular Expression Matcher-Pattern Matcher 2nd tier (slow path)
report_mgr report manager
routed Routing daemon
rtdbd Real Time database daemon
rtmd Real Time traffic statistics.
RTM Real-Time Monitoring
salloc System Memory allocation
sam Suspicious Activity Monitoring
scanengine_b Third party engine.
scanengine_k Third party engine.
scanengine_s Third party engine.
scrub_cp_file_convertd Used to convert various file formats to simple textual format
scrubd Main Threat Extraction daemon
scrub Main CLI process for Threat Extraction
sctp Stream Control Transmission Protocol(SCTP)
scv SecureClient Verification
searchd Search indexing daemon
sec_rb secondary NRB rulebase operations
SFT Stream File Type
sfwd SMB fwd 🙂
SGEN Struct Generator
shmem shared memory allocation
sigload signatures loader, patterns, ranges
skinny Skinny Client Control Protocol -Cisco proprietary VoIP protocol
smartlog_server SmartLog product service
SmartView SmartEvent Web Application
sms Manages communication with UTM-1 Edge Security Gateways.
sm String Matcher-Pattern Matcher 1st tier (fast path)
sna SnA objects ("Services and Application)
snmpd SNMP (Linux) daemon
SOLR CPM databases communication
span mirror port(duplicates the network traffic)
spii Stateful Protocol Inspection Infrastructure and INSPECT StreamingInfrastructure
sshd SSH daemon
ssl_insp HTTPS SSL Inspection
sslt SSL TLS library
status_proxy Status collection of ROBO Gateways - SmartLSM / SmartProvisioning status proxy.
subs Subscribermodule -set of APIs, which enable user space processes (by using a DLL)
SVRServer Controller for the SmartReporter product. Traffic is sent via SSL
swblade registration of Software Blades
sxl_statd Allow acquiring statistics information from Host ppak and Falcon cards
synatk 'SYN Attack' (SYNDefender)IPS protection
sync synchronization operations in ClusterXL
syslogd Syslog (Linux) daemon
tcpinfo TCP processing messages
tcpstr TCP streaming mechanism
tcpt TCP Tunnel (Visitor mode) related information(FW traversal on port 443)
ted Threat Emulation daemon engine
temp_conns temporary connections
te Threat Emulation
tnlmon tunnel monitoring
topo information about topology and Anti-Spoofingof interfaces
ua Universal Alcatel "UA" Protocol
ucd UserCheck connectionsto other cluster members
UC UserCheck
uepm Endpoint Management Server
uf URL filters and URL cache
uid Cross-instance Unique IDs
upapp information about policy installation for Unified Policyapplication
upconv Unified Policy conversion
UPIS Unified Policy Infrastructure
UP Unified Policy
urlf_ssl Application Control/ URL Filtering for SSL
usrchkd Main UserCheck daemon, which deals with UserCheck requests
usrchk The CLI client for the UserCheck daemon USRCHKD
usrmem User Spaceplatform memory usage
utf7 conversion of UTF-7characters to a Unicode characters
utf8 conversion of UTF-8 characters to a Unicode characters
uuid session UUID
vbuf virtual buffer
vm Virtual Machine chain decisions on traffic going through fw_filter_chain
VPN_cookie virtual de-fragmentation cookie
vpnd VPN processes / daemon
vpn_multik MultiCore VPN (refer to sk118097)
vpn_tagging sets the VPN policy of a connection according to VPN communities, VPN Policy related info
VPN VPN
vs Virtual System (VSX)
wap Multimedia Messaging Service (Wireless Application Protocol)
wd WebDefense
wire wire-mode Virtual Machine chain module
worker Kernel Worker -queuing and dequeuing
wsdnsd DNS Resolver - activated when Security Gateway is configured as HTTP/HTTPS Proxy
WSIS Web Intelligence Infrastructure
WS_parser Web Intelligence HTTP header parser layer
WS_pfinder Web Intelligence pattern finder
WS_regexp Web Intelligence regular expression library
WS_SIP Web Intelligence SIP Parser
wstlsd Handles SSL handshake for HTTPS Inspected connections.
WS Web Intelligence
xl Accelerator cards interaction
xlate NAT - basic information
xltrc NAT - additional information -going through NAT rulebase
xpand Configuration daemon that processes and validates all user configuration requests,...
zeco Zero-Copy kernel module memory allocations
I think the list can also be extended to Top 1000:-)
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
