Don_Paterson
Advisor

fw monitor GUI based

Are there plans (if it does not already exist) to have the ability to run fw monitor in/from a GUI?

Please do not tell me that the output can be copied to a workstation and analysed in Wireshark (using the -o option). That is not what I am asking.

It could be useful to, for example, log into the Gaia web portal (or SmartConsole) and in a Tools area have fw monitor appear with drop-down boxes to take care of the options (src=, dst=, dport= and the ands and ors etc.) and then have the output download (option) to the workstation.

0 Kudos
3 Replies
Timothy_Hall
Legend

It is possible to do a "live" Wireshark capture on the firewall, but you have to use tcpdump as that is the only capturing tool I know of that can output raw captured packets to its stdout, so you will be limited to the rough equivalent of two capture points (Inbound/i and Outbound/O). If there is some secret, hidden way to make fw monitor dump raw captured packets directly to its stdout ("-o -" unfortunately just creates a file called "-") this should work with it. You'll need Wireshark and the full PuTTY suite (which includes plink.exe) installed. Here is an excerpt from my Max Capture class describing the technique and its limitations:

Live_Wireshark.png

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
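
The live capture described in the reply above (tcpdump writing raw packets to stdout on the gateway, plink carrying them to a local Wireshark), written out as an added example; it is not the excerpt from the Max Capture class and not code posted in this thread. The gateway name, account, interface, filter and install paths are placeholders, the account's login shell is assumed to be able to run tcpdump directly, and authentication is left to plink.

```powershell
# Added example: stream a remote tcpdump capture into a local Wireshark.
# All default values below are placeholders (assumptions), not from the thread.
param(
    [string]$Gateway   = 'gw.example.test',
    [string]$User      = 'admin',
    [string]$Interface = 'eth0',
    [string]$Filter    = 'host 192.0.2.10',
    [ValidateRange(1, 65535)][int]$SshPort = 22,
    [string]$Plink     = 'C:\Program Files\PuTTY\plink.exe',
    [string]$Wireshark = 'C:\Program Files\Wireshark\Wireshark.exe'
)

foreach ($exe in $Plink, $Wireshark) {
    if (-not (Test-Path -LiteralPath $exe)) { throw "Not found: $exe" }
}

# These values are pasted into a remote shell command line, so accept only
# characters that cannot break out of the quoting used below.
if ($Gateway   -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$')  { throw 'Bad gateway name' }
if ($User      -notmatch '^[A-Za-z0-9][A-Za-z0-9_.-]*$') { throw 'Bad user name' }
if ($Interface -notmatch '^[A-Za-z0-9][A-Za-z0-9_.:-]*$') { throw 'Bad interface name' }
if ($Filter    -notmatch '^[A-Za-z0-9 ./:()-]+$') { throw 'Unsupported character in filter' }

# Exclude the SSH session that carries the capture; otherwise every packet sent
# to Wireshark is itself captured and sent again.
$bpf = "not port $SshPort and ($Filter)"

# -w -  raw pcap to stdout      -U  flush after each packet (live view)
# -s 0  full packet length      -n  no name resolution on the gateway
$remote = "tcpdump -n -U -s 0 -i $Interface -w - '$bpf'"

# Wireshark: -k starts capturing immediately, -i - reads the pcap from stdin.
$pipeline = "`"$Plink`" -ssh -P $SshPort -l $User $Gateway `"$remote`" " +
            "| `"$Wireshark`" -k -i -"

# The pipe is run by cmd.exe, which passes bytes through untouched. Windows
# PowerShell's own pipeline re-encodes native output as text and would corrupt
# the pcap stream. /s makes cmd strip only the outer pair of quotes.
Start-Process -FilePath $env:ComSpec -ArgumentList "/d /s /c `"$pipeline`"" `
    -NoNewWindow -Wait
```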
the_rock
Legend

I hear you, Don. I was personally always surprised that CP never implemented that from gut... Fortinet has such a nice and easy GUI-based option for exactly what you are asking.

Andy

0 Kudos
Timothy_Hall
Legend

Yep, I really wish Check Point had some kind of "triggered capture" feature, whereupon certain conditions were met it could automatically grab the next X number of matching packets for further analysis.  As I mentioned in my Max Capture video series, taking packet captures on a Check Point is strictly a manual process and can get a bit complicated.

0 Kudos