This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Platinum
MVP Platinum
2 weeks ago

fw tab -t connections -z

One of the most commonly overlooked features in the R81 + manual is the -z option. It provides a detailed overview of the connection table, including various functions and parameters. The following example clearly illustrates what this output looks like in practice.

My personal favorite display is the one showing the transmitted KB/MB values, the number of packets, and the reason why a packet is not forwarded to SecureXL.

fw tab -t connections -z

Here is an example output:
AA_connections_34534534.png

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
1 Reply
the_rock
MVP Platinum
MVP Platinum
2 weeks ago

Great! Just tried it in my lab:

 


[Expert@CP-GW:0]# fw tab -t connections -z
localhost:
Dir Source IP SPort Destination IP DPort PR FW State Expires SXL ID Not Offloaded Reason Total Pkts Total Bytes Duration Last Seen
--- --------------- ----- --------------- ----- -- --------------- ------------- ------ -------------------------------- ---------- ----------- ---------- -----------
1 172.16.10.249 18192 172.16.10.252 65153 6 Link
1 172.16.10.249 18192 172.16.10.252 59755 6 Link
0 8.8.4.4 53 172.16.10.249 22088 17 Link
1 172.16.10.249 48077 8.8.4.4 53 17 UDP 39/40 N/A Local connection 49.52M 5.46GB 124h51m22s 1s
0 172.16.10.252 65153 172.16.10.249 18192 6 TCP Estab. 3575/3600 N/A Local incoming conn 337.32K 260.61MB 124h51m24s 25s
0 172.16.10.252 59755 172.16.10.249 18192 6 TCP Estab. 3511/3600 N/A Local incoming conn 10.69K 843.03KB 124h51m20s 1m29s
0 1.1.1.1 53 172.16.10.249 23367 6 Link
0 8.8.8.8 53 172.16.10.249 12659 17 Link
1 172.16.10.249 64492 1.1.1.1 53 6 TCP None 0/5 N/A Local connection 8 1.08KB 6s 5s
1 172.16.10.249 59887 172.16.10.252 257 6 TCP Estab. 3597/3600 N/A Local connection 6.39K 1.66MB 124h51m20s 3s
0 172.16.10.252 257 172.16.10.249 59887 6 Link
1 172.16.10.249 54053 8.8.8.8 53 17 UDP 38/40 N/A Local connection 49.57M 5.46GB 124h51m22s 1s
1 172.16.10.249 42985 172.16.10.252 257 6 TCP Estab. 3596/3600 N/A Local connection 294.06K 93.31MB 124h51m19s 2s
0 172.16.10.252 257 172.16.10.249 42985 6 Link
1 172.16.10.249 22 100.65.16.1 50325 6 Link
0 100.65.16.1 50325 172.16.10.249 22 6 TCP Estab. 3598/3600 N/A Local incoming conn 46 10.15KB 5s 0s
0 172.16.10.252 257 172.16.10.249 42679 6 Link
1 172.16.10.249 42679 172.16.10.252 257 6 TCP Estab. 2138/3600 N/A Local connection 539 41.12KB 124h52m4s 24m22s
1 172.16.10.249 63860 1.1.1.1 53 17 UDP 38/40 N/A Local connection 49.42M 5.47GB 124h51m22s 1s
0 1.1.1.1 53 172.16.10.249 53545 17 Link
20 slow-path connections out of 20 connections

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events