Create a Post
Showing results for 
Search instead for 
Did you mean: 
Champion Champion

Top100 - Check Point Terms Overview for Debug

I've been trying to understand all the Check Point terms for the last 25 years. Here is my Top 100 list of terms that might help you.

The following terms are used on CLI for firewall debug, processes and daemon:

accel                                 SecureXL
acct                                   Application Control accounting
advp                                  advanced patterns (signatures over port ranges)
APPI                                  Application Control
aspii                                  Accelerated Stateful Protocol Inspection Infrastructure (INPSECT streaming)
async                                IA checking known network
av                                      Anti-Virus inspection
avi_del_tmp_files          Shell script that periodically deletes various old temporary Anti-Virus files
balance                            ConnectControl -logical servers in kernel , load balancing
btime                                browse time
cache_tab                        cachetable infrastructure
ccp                                    Cluster Control Protocol (CCP)
cgnat                                Carrier Grade NAT (CGN/CGNAT)
chain                                chain modules
chainfwd                          chain forwarding - cluster
chainq                              QoS holding and releasing packets during critical actions (policy install / uninstall)
CI                                      Content Inspection
ci_http_server                HTTP Server for Content Inspection
clishd                               Gaia Clish CLI interface process - general information for all Clish sessions
clish                                 Gaia Clish CLI interface
clob                                  data classification-Classification Object (CLOB)
cloningd                          Cloning Groups daemon
cluster                             ClusterXL
cmi                                   Context Management Infrastructure
cmi_inspect                    cmi_loader - INSPECT code
cmi_loader                     CMI loader
cmi_module                   cmi_loader module operations -initialization, module loading, calls to module, contexts, etc.
confd                               Database and configuration
conn                                Connections Table issues
connstats                       connections statisticsfor Evaluation of Heavy Connectionsin CPView (refer to sk105762)
context                            operations on Memory context and CPU context
CPAS                               CPAS (Check Point Active Streaming)
cpca                                Check Point Internal Certificate Authority (ICA)
cpcode                            Data LossPrevention (DLP) CPcode
cpd                                  Check Point processes / daemon
cpdiag                             CPDiag operations
cp_file_convert              Used to convert various file formats to simple textual format for scanning by the DLP engine
cphaconf                         installs cluster configuration or CLI command 🙂
cphamcset                     Clustering daemon
cphaprob                        Process that lists the state of cluster members or CLI command 🙂
cphastart                       Starts the cluster and state synchronization.
cphastop                        Stops the cluster and state synchronization
cp_http_server             HTTP Server for Management Portal (SmartPortal) and for OS WebUI
cp_http_server             HTTP Server for OS WebUI and Management Portal
cplmd                             get the data that should be presented in SmartView Tracker
cpm                                Check Point management daemon (PostgreSQL and SOLR databases)
cposd                              SMB-specific daemon responsible for OS Networking operations
cprid                               Check Point Remote Installation Daemon
cprid_wd                        WatchDog for Check Point Remote Installation Daemon
cpsead                            Responsible for Correlation Unit functionality
cpsemd                          Responsible for logging into the SmartEvent GUI
cpsnmpd                        SNMP queries for Check Point OIDs
cpstat_monitor             Process is responsible for collecting and sending information to SmartView Monitor
cptls                               CRYPTO-PRO Transport Layer Security (HTTPS inspection)
cpviewd                          CPView Utility daemon (sk101878)
cpview_historyd           CPView Utility History daemon (sk101878).
cpwd                              WatchDog  monitors critical processes such as Check Point daemons
cpwmd                           Check Point Web Management daemon
crypto                             basic information about encryption and decryption
cserver                           Check Server that either stops or processes the e-mail
ctasd                              Commtouch Anti-Spam daemon
ctipd                               Commtouch IP Reputation daemon.
cu                                    Connectivity Upgrade (sk107042)
cvpnd                              Back-end daemon of the Mobile Access Software Blade
cvpnd                              processingof connections handles by Mobile Access daemon
cvpnproc                        Offload blocking commands from cvpnd
CvpnUMD                      Report SNMP connected users to AMON
DAService                     Check Point Upgrade Service Engine (CPUSE) - (sk92449)
dbsync                           DBsync enables SmartReporter to synchronize data stored in different parts of the network.
dbwriter                        Offload database commands from cvpnd and synchronize with other members
dfa                                  Pattern Matcher (Deterministic Finite Automaton) compilation and execution
df                                    Decision Function -decides, which member will handle each packet in a Load Sharing mode
dfilter                             debug filteroperations
dhcpd                             DHCP server daemon
dlpda                              Data LossPrevention (DLP) Download Agent
dlp                                  Data Loss Prevention
dlp_fingerprint             Used to identify the data according to a unique signature
dlpk                                Data LossPrevention (DLP) Kernel Module
dlpu                                DLP process - receives data from Check Point kernel.
dlpuk                              Data LossPrevention (DLP) User Module
dnstun                            DNS tunnels
domain                          DNS queries
dos                                 DDoS attack mitigation(part of IPS)
dropbear                       Lightweight SSH server on SMB appliance
dynlog                            dynamic log enhancement (INSPECT logs)
fg                                    FloodGate-1 (QoS)
FILEAPP                        File Application
filecache                       Content Awareness file caching
flofiler                           Flow profiler
fwapp                             information about policy installation for FireWall application
fwd                                 Firewall processes / daemon
fwdlp                             DLP core engine that performs the scanning / inspection
fw                                   Firewall
fwm                               Communication between SmartConsole applications and Security Management Server
fwpushd                        Mobile Access Push Notifications daemon
fwstats                          FW-1 statistics
fwucd                            DLP UserCheck back-end daemon that sends approval / disapproval requests to user
ghtab                             multi-threaded safe global hash tables
glue                               glue layer messages
gtp                                 GPRS Tunneling Protocol(GTP)
gtp                                 GTP (GPRS Tunneling Protocol)
h323                              VoIP H.323
htab                               multi-threaded safe hash table
httpd2                           Web server daemon (Gaia Portal)
httpd                             Endpoint Policy Management Server
httpd                             Front-end daemon of the Mobile Access Software Blade (multi-processes)
IA_htab                         IA checking for network IP address, working with kernel tables
ICAP_CLIENT              Internet Content Adaptation Protocol client
IDAPI                             Identity Awareness
ifnotify                           notification of changes in interface status -up or down (received from OS)
in.acapd                        Packet capturing daemon for SmartView Tracker logs
in.emaild.mta               E-Mail Security Server
in.emaild.pop3             POP3 Security Server that receives e-mails sent by user
in.emaild.smtp            MTP Security Server that receives e-mails sent by user and sends them to their destinations
in.geod                          Updates the IPS Geo Protection Database                           Mail Security Daemon that queries the Commtouch engine for reputation.
interpreter                    Process is responsible for Compliance Blade database scan.
ioctl IOCTL                    control messages -communication between kernel and daemon
ipopt                              IP options enforcement
java_solr                       Events are stored in the SOLR database (Jetty Server) part of cpm
kbuf                               kernel-buffer
kissd                              KISS –used for kernel memory management
kissflow                         Kernel Infrastructure Flow
kiss                                Kernel Infrastructure
kisspm                          Kernel Infrastructure Pattern Matcher
kqstats                          Kernel Worker thread statistics mechanism
kw                                  Kernel Worker state and Pattern Matcher inspection
ld                                    kernel dynamic tables infrastructure -reads from / writes to the tables
lea_session                  LEA OPSEC session
lea                                  LEA OPSEC - logs
llq                                   QoS low latency queuing
log_consolidator          Log Consolidator for the SmartReporter product
log_indexer                   R80 Log indexer
lpd                                  Log Parser Daemon – Search predefined patterns in log files
mab                                Mobile Access handler
machine                         INSPECT Virtual Machine
MALWARE                     Malware (Threat Prevention)
mem_pool                     memory pool
mgcp                              Media Gateway Control Protocol
mgr                                policy installationmanager
misc                               miscellaneous helpful information
misp                               ISP Redundancy
mmagic                         MAC magic - operations (getting, setting, updating, initializing, dropping,etc.)
monitorall                     debug -> fw monitor -p all
monitord                       Hardware monitoring daemon
monitor                         debug -> fw monitor
MoveFileDemuxer       Related to MoveFileServer process (moving files between cluster members)
MoveFileServer            Move files between cluster members in order to perform database synchronization
mpdaemon                   Apache server (which can have multiple processes for starting these web servers.
mrtsync                         synchronization (in kernel) between cluster members of Multicast Routes
msnms                          MSN over MSMS(MSN Messenger protocol)
mspi                               information related to creation and destruction of MSA / MSPI
mtctx                             multi-threaded context -memory allocation, reference count
multik                           CoreXL -> Multi-Kernel Inspection
mutex                            Unified Policy internal mutex operations
nac                                 Network Access Control (NAC)
NRB                               Next Rule Base
ntup                               Non-TCP / Non-UDP traffic policy (traffic parser)
om_alloc                       allocationof Office Mode IP addresses
osu                                 cluster Optimal Service Upgrade(sk107042)
packet_err                    invalid ‎packets,‎ for ‎which‎ dispatching‎ decision‎ can’t ‎be ‎made
packval                          statelessverifications -sequences, fragments, translations and other header verifications
parser                            file parsing or CMI parser
parsers_is                     cmi_loader parsers infrastructure
pcktdmp                        dumps the encryptedpackets before encryption/ decryptedpackets after decryption
pcre                                Perl Compatible Regular Expressions
pdpd                               IA Policy Decision Point daemon
pepd                               IA Policy Enforcement Point daemon
per_conn                       messages per connection (when a new connection is handled by RTM)
per_pckt                        messages per packet (when a new packet arrives is handled by RTM) or "con_conn"
Pinger                            Reduce the number of httpd processes performing ActiveSync.
pkt_dump                      traffic packet dump
pkxld                              Performs asymmetric key operations for HTTPS Inspection
PM_compile                  Pattern Matcher -pattern compilation
pmdump                        Pattern Matcher - DFA (dumping XMLs)
pm                                  Gaia OS Process Manager
pmint                             Pattern Matcher compilation
pm                                 Pattern Matcher - compilation and execution
pnote                             registering and monitoring of critical ClusterXL Devices
portscan                       port scanning prevention mechanics
postgres                       PostgreSQL server
prof                                Firewall Priority Queues-connection profiler (refer to sk105762)
q                                     driver queue
qosaccel                        QoS acceleration
qos                                  QoS (FloodGate-1)
queue                             Kernel Worker thread queues
quota                              cross-instance quota table
RAD_KERNEL               Resource Advisor Kernel
rad                                  Resource Advisor
rconfd                             Provisioning daemon
rem                                 Regular Expression Matcher-Pattern Matcher 2nd tier (slow path)
report_mgr                   report manager
routed                            Routing daemon
rtdbd                              Real Time database daemon
rtmd                               Real Time traffic statistics.
RTM                                Real-Time Monitoring
salloc                              System Memory allocation
sam                                 Suspicious Activity Monitoring
scanengine_b                Third party engine.
scanengine_k                Third party engine.
scanengine_s                Third party engine.
scrub_cp_file_convertd          Used to convert various file formats to simple textual format
scrubd                            Main Threat Extraction daemon
scrub                              Main CLI process for Threat Extraction
sctp                                 Stream Control Transmission Protocol(SCTP)
scv                                   SecureClient Verification
searchd                          Search indexing daemon
sec_rb                            secondary NRB rulebase operations
SFT                                 Stream File Type
sfwd                                SMB fwd 🙂
SGEN                              Struct Generator
shmem                           shared memory allocation
sigload                            signatures loader, patterns, ranges
skinny                             Skinny Client Control Protocol -Cisco proprietary VoIP protocol
smartlog_server           SmartLog product service
SmartView                     SmartEvent Web Application
sms                                 Manages communication with UTM-1 Edge Security Gateways.
sm                                   String Matcher-Pattern Matcher 1st tier (fast path)
sna                                  SnA objects ("Services and Application)
snmpd                            SNMP (Linux) daemon
SOLR                              CPM databases communication
span                                mirror port(duplicates the network traffic)
spii                                  Stateful Protocol Inspection Infrastructure and INSPECT StreamingInfrastructure
sshd                                SSH daemon
ssl_insp                         HTTPS SSL Inspection
sslt                                  SSL TLS library
status_proxy                  Status collection of ROBO Gateways - SmartLSM / SmartProvisioning status proxy.
subs                                Subscribermodule -set of APIs, which enable user space processes (by using a DLL)
SVRServer                     Controller for the SmartReporter product. Traffic is sent via SSL
swblade                         registration of Software Blades
sxl_statd                        Allow acquiring statistics information from Host ppak and Falcon cards
synatk                            'SYN Attack' (SYNDefender)IPS protection
sync                                synchronization operations in ClusterXL
syslogd                           Syslog (Linux) daemon
tcpinfo                            TCP processing messages
tcpstr                              TCP streaming mechanism
tcpt                                 TCP Tunnel (Visitor mode) related information(FW traversal on port 443)
ted                                  Threat Emulation daemon engine
temp_conns                  temporary connections
te                                    Threat Emulation
tnlmon                           tunnel monitoring
topo                                information about topology and Anti-Spoofingof interfaces
ua                                   Universal Alcatel "UA" Protocol
ucd                                 UserCheck connectionsto other cluster members
UC                                  UserCheck
uepm                             Endpoint Management Server
uf                                   URL filters and URL cache
uid                                 Cross-instance Unique IDs
upapp                            information about policy installation for Unified Policyapplication
upconv                          Unified Policy conversion
UPIS                              Unified Policy Infrastructure
UP                                  Unified Policy
urlf_ssl                          Application Control/ URL Filtering for SSL
usrchkd                         Main UserCheck daemon, which deals with UserCheck requests
usrchk                           The CLI client for the UserCheck daemon USRCHKD
usrmem                        User Spaceplatform memory usage
utf7                                conversion of UTF-7characters to a Unicode characters
utf8                                conversion of UTF-8 characters to a Unicode characters
uuid                               session UUID
vbuf                               virtual buffer
vm                                 Virtual Machine chain decisions on traffic going through fw_filter_chain
VPN_cookie                 virtual de-fragmentation cookie
vpnd                              VPN processes / daemon
vpn_multik                  MultiCore VPN (refer to sk118097)
vpn_tagging                sets the VPN policy of a connection according to VPN communities, VPN Policy related info
VPN                               VPN
vs                                   Virtual System (VSX)
wap                               Multimedia Messaging Service (Wireless Application Protocol)
wd                                 WebDefense
wire                              wire-mode Virtual Machine chain module
worker                         Kernel Worker -queuing and dequeuing
wsdnsd                        DNS Resolver - activated when Security Gateway is configured as HTTP/HTTPS Proxy
WSIS                            Web Intelligence Infrastructure
WS_parser                  Web Intelligence HTTP header parser layer
WS_pfinder                 Web Intelligence pattern finder
WS_regexp                  Web Intelligence regular expression library
WS_SIP                        Web Intelligence SIP Parser
wstlsd                          Handles SSL handshake for HTTPS Inspected connections.
WS                               Web Intelligence
xl                                  Accelerator cards interaction
xlate                            NAT - basic information
xltrc                             NAT - additional information -going through NAT rulebase
xpand                          Configuration daemon that processes and validates all user configuration requests,...
zeco                            Zero-Copy kernel module memory allocations

I think the list can also be extended to Top 1000:-)

3 Replies

Not trying to be difficult, but at least some of the definitions in the list are not exactly correct.

0 Kudos
Champion Champion

Hi @_Val_,

Can you give me a few examples of incorrect entries. Then I can correct them.

Thank you in advance.



It might take some time. Let's do that offline though

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events