This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kumar
Participant
‎2018-06-22 09:46 AM

Working with Checkpoint files

Hi All,

Could you explain me some the impartant files in $FWDIR and their usage.

since Checkpoint People always works and analyses with files..

It is good to know at least some of the impartent files and their usage.

Thanking you in Advance

6 Replies
Gaurav_Pandya
Advisor
‎2018-06-22 11:22 AM

Hi,

Some important directories & files of mgmt. server is listed below.

$CPDIR/conf - Contains parts of the CPShared system
    * cp.license  - license of machine
    * sic_cert.p12 - SIC certificate
$FWDIR/lib - .def files which are used when the rulebase is complied into inspection code for Enforcement points.
$FWDIR/conf - the rule base and the rest of the security policy can be found here.
    * rulebases_5_0.fws - Contains rulebases and duplicate in *.w files
    * objects_5.0.C - Contains all the objects. objects.C is created when sent to the Enforcement Points
$FWDIR/conf/fwauth.* - User Database, main file being fwauth.NDB
$FWDIR/conf/masters - Defines the local log definition in Dashboard
$FWDIR/database/fwauth.* - User Datbase, main file being fwauth.NDB
$FWDIR/log - Logs

$FWDIR/bin/upgrade_tools  - You can do upgrade_export for migration of mgmt. server

Enforcement Point

$CPDIR/conf - Contains parts of the CPShared system
    * cp.license  - license of machine
    * sic_cert.p12 - SIC certificate
$FWDIR/conf/discntd.if - Add interfaces you want to show as disconnected for ClusterXL.

PhoneBoy
Admin
Admin
‎2018-06-22 11:33 AM
In response to Gaurav_Pandya

If R80+, rulebases_5_0.fws and objects_5_0.C are not the real true versions of this information as we use a proper database now. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-22 11:32 AM

In general, you don't manually edit any files here unless instructed by the TAC or a SecureKnowledge article.

Do we maintain a comprehensive list of these files and what they do? No.

If you're curious about a specific file, your best bet is to search SecureKnowledge.

Kumar
Participant
‎2018-06-22 11:50 PM
In response to PhoneBoy

Agreed ! !

Could you please explain the difference between the below directories.

/var/opt

/opt

$FWDIR

what Type of files will be residing inside theses directories.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-06-23 02:13 AM

since Checkpoint People always works and analyses with files..

that's just not true anymore, now that we use industry databases for configuration storage, data is binary across multiple files and cannot be opened using "less" etc. Instead, you got mgmt_cli

What we still have is logs for Management processes. But those very often contain data that is only valid if you combine it with other indicators. If you find "failed" and "error" and "corrupt" in various /var/log files at Check Point machines, it is most likely a false-positive taken from Check Point engines which you don't use - so when those engines checks if they need to be activated, they get a negative answer and print data which may intimidate non-Check Point-Developers.

When you want to get files for troubleshooting, this is your resource: search the error at Support, Support Requests, Training, Documentation, and Knowledge base for Check Point products and ...  and find the relevant SecureKnowledge or CheckMates article.

In addition to self-troubleshooting, you can always open support tickets for problems and this will ensure that we fix its root cause for the benefit of all of our users.

bernhard_m
Collaborator
‎2019-06-06 02:07 AM
In response to Tomer_Sole

there are still configuration files which I have to modify quite often when it comes to complex vpn environments since simplified mode does not offer much flexibility in the gui:
($FWDIR could also stand for the corresponding compatibility directory on the mgmt server)

$FWDIR/conf

   * vpn_route.conf - for complex VPN scenarios
   * vpn_service_based_routing.conf - not that often, but still the only way to implement service based routing with link selection
   * user.def.* - sometimes needed to get 3rd Party VPN working  (eg. subnet_for_range_and_peer, ... )
   * trac_client_1.ttm - eg. to finetune MEP vor Client VPN in complex VPN environments
   * fwrl.conf - to automatically deploy the trac_client_1.ttm to the gateways

$FWDIR/lib

   * crypt.def - for excluding traffic from VPN (NON_VPN_TRAFFIC_RULES)
   * implied_rules.def - eg. to exclude specific services from implied rules to get them encrypted
               (eg. LDAP or RADIUS from a vpn client authentication on a remote site via vpn to central auth servers)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events