This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2021-08-28 12:09 PM

'fw ctl conntab -x' issue in R81.10

 

From R81 it is possible to delete all sessions matching the filter with the command "fw ctl conntab -x ".

Unfortunately, this does not work for the "rule" filter. Here the complete connection table is deleted 😞

For example:

fw ctl conntab -x -rule=3

Tested with R81.10.

---

fw ctl conntab -h


Usage:
-h/-help # Display this help menu
-x # Delete the selected entries (without this flag, entries are only printed)
-sport # Filter by source port or source port range
-dport # Filter by destination port or detination port range
-proto # Filter by IP protocol or IP protocol range
-sip # Filter by source IP or source IP range
-dip # Filter by destination IP or detination IP range
-rule # Filter by rule or rule range
-service # Filter by service
-type # Filter by type bitmask
-flags # Filter by flags bitmask
-state # Filter by TCP state (SYN_SENT, SYN_ACK, ESTABLISHED, SRC_FIN, DST_FIN, BOTH_FIN)
Using multiple options will display only entries that match both criteria (x AND y)

Usage Examples:
* Display / Delete all port 80 connections in state BOTH_FIN:
fw ctl conntab [-x] -state=BOTH_FIN -dport=80
* Display / Delete all connections from 192.168.X.X:
fw ctl conntab [-x] -sip=192.168.0.0-192.168.255.255
* Display / Delete all old connections:
fw ctl conntab [-x] -flags=0x100/0x100

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
6 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2021-09-12 10:41 AM

Any news in this case from Check Point?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Ilya_Yusupov
Employee
Employee
‎2021-09-12 11:33 PM
In response to HeikoAnkenbrand

Hi @HeikoAnkenbrand ,

 

can you share if you got any error message?

0 Kudos
shais
Employee
Employee
‎2021-09-13 12:45 AM

Hi,
We are not aware of this issue and are unable to reproduce this in our setup.

Can you please open a ticket with support? this will allow us to get all the required info and do a remote session

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-02-01 12:26 AM

Seems to be fixed in R81.20:

fw ctl conntab -x -rule=3

deletes only the rule 3 connections

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
HeikoAnkenbrand
Champion Champion
Champion
‎2023-02-01 01:00 AM
In response to G_W_Albrecht

If you delete the connection in the connection table, it is still contained in the acceleration table and in the Dynamic Dispatcher table. Therefore, you may have some negative effects.

After deletion, they were still contained in the following tabel:

fw ctl multik gconn -p      -> Dynamic Dispacher tabel
fwaccel conns                    -> Acceleration tabel

Personally, I would be very careful about deleting the connetions.

---

Maybe Check Point's R&D can say something about this topic.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-02-01 01:04 AM
In response to HeikoAnkenbrand

Very true - but the rule filter works now...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top