Easy Tool - Real time connection table analysis v4.0

HeikoAnkenbrand
Champion
Overview


For many Check Point users, the question arises again and again which connections and services are used by a rule, a port, a destination IP or a source IP in real time. For this purpose I have created a small tool with which all information about a rule can be read out in real time from the connection table.

This is good for optimizing the ruleset, as it provides a real-time view of the connection table with the corresponding info. This can be a

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




26 Replies

Reimar_W
Participant

Hi @HeikoAnkenbrand 

The script simplifies the search in the connection table.
Great idea and thanks for your great contributions.

Small note:
Unfortunately, the use of multiple filters -p 53 -d 8.8.8.8 does not work.

HeikoAnkenbrand
Champion

Hi @Reimar_W,

I reworked this in the script and it now works with multiple filter parameters.

Thanks
Heiko


udo_kimmich
Explorer

It's really cool how you can browse with this tool in the connection table.
This allows you to get information quickly and easily.

Great job
@HeikoAnkenbrand


Power_Support
Participant

Hi @HeikoAnkenbrand,

nice solution.

What is the state "conn" in the output?

HeikoAnkenbrand
Champion

Hi @Power_Support 

Bug is fixed in version 2.5!


IgorWeller
Explorer

Very interesting tool.
Could you also provide an overview of the interfaces in use?

HeikoAnkenbrand
Champion

Incoming and outgoing interface added in version 2.6.


Svendsen
Participant

Great work Heiko, this will become useful for almost everyone working with CP.

HeikoAnkenbrand
Champion

Check Point service names added in version 2.7

Wolfgang
Leader

Great tool, @HeikoAnkenbrand. How about VSX, known problems?

HeikoAnkenbrand
Champion

Hi @Wolfgang,

The script is very complex and I am trying to integrate VSX. However, one or two functions are not yet VSX compatible.
Please give me another week or two 😉


fwmeister
Contributor

Hi Heiko,

You could add a small option for the top rules using cpstat blades and take the 5 rules and show them.

Cheers

HeikoAnkenbrand
Champion

Hi @Wolfgang,

After a weekend with a lot of programming work I made the script VSX compatible.
You only need to run the command in a VS instance:
# vsenv xy
# econn ...

Now the VS instance should be displayed as shown in the picture:
econn_3_vsx.png

Wolfgang
Leader

@HeikoAnkenbrand 

Works like a charm with VSX. Saved me a lot of time at the moment investigating a problem with some connections.

👍 👍

HeikoAnkenbrand
Champion

From version 2.9 with extended connection table view:
+ Incoming interface
+ Outgoing interface
+ Check Point service name

econn_conn_tab.JPG


fwmeister
Contributor

Got a few errors (r80.20 hf take188). Yes, I know it's "old". 🙂

using -t -i -c

awk: fatal: can't open source file `/opt/etool/script/econn_awk1' for reading (No such file or directory)

 

also 

Incomming : sh: -c: line 0: syntax error near unexpected token `('
sh: -c: line 0: `cat /tmp/econn_if |grep ^domain-udp(122)'


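The second error quoted in the post above ("syntax error near unexpected token") is what a shell reports when a value containing parentheses, here the service name `domain-udp(122)`, is pasted unquoted into a command string. The following is an added illustration, not code from econn; the file layout and the function names `make_sample`, `lookup_unquoted` and `lookup_fixed` are assumptions.

```shell
#!/bin/sh
# Constructed sample data: the real layout of /tmp/econn_if is not shown
# in the thread, so "service(port) in-if out-if" is an assumption.
make_sample() {
    printf '%s\n' 'domain-udp(122) eth0 eth1' 'https(443) eth1 eth0' > "$1"
}

# Failing form: the service name becomes part of the command text, so the
# inner shell parses "(" as syntax and aborts before grep ever runs.
lookup_unquoted() {    # $1 = file, $2 = service name
    sh -c "cat $1 | grep ^$2"
}

# Corrected form: the name reaches awk as data through the environment and
# is compared as a fixed string at the start of the line, so shell and
# regex metacharacters in it have no special meaning.
lookup_fixed() {       # $1 = file, $2 = service name
    svc="$2" awk 'index($0, ENVIRON["svc"]) == 1' "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
lookup_unquoted "$sample" 'domain-udp(122)' || echo "unquoted lookup failed"
lookup_fixed "$sample" 'domain-udp(122)'
rm -f "$sample"
```
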
fwmeister
Contributor

ok. Got that /opt/etool error because I just copied the /usr/bin/econn to firewalls instead of "installing" it. 

 


fwmeister
Contributor

Excellent tool! Thanks for sharing! 

HeikoAnkenbrand
Champion

Bugs fixed in version 2.9:
- ICMP issues
- interface issue
- Check Point service issue


KostasGR
Contributor

Hello @HeikoAnkenbrand

In case of inline rules the -r flag doesn't seem to work. For example, for a rule 2.1, 2.2 etc.

-r <rule number> Show the information about a specific rule with the corresponding rule number.

 

BR,

Kostas

HeikoAnkenbrand
Champion

Hi @KostasGR,

I use the command "fw ctl conntab" to display the connection tab. Unfortunately this does not support inline rules. Therefore, you can only use the basic inline layer rule. Unfortunately, this cannot be changed technically.

Here is an example from my lab environment:
ecomm_5.JPG

fw ctl conntab -r 3

ecomm_6.JPG

 

Output tool

ecomm_7.JPG

 

 


Henrik_Noerr1
Contributor

would like to try this, but I get:

/bin/econn: line 10: [[: $#: syntax error: operand expected (error token is "$#")

fw ver
This is Check Point's software version R80.40 - Build 124

uname -a
Linux hostname 3.10.0-957.21.3cpx86_64 #1 SMP Sun Apr 18 18:41:00 IDT 2021 x86_64 x86_64 x86_64 GNU/Linux

 

Regards,

Henrik


joschuar
Participant

  @HeikoAnkenbrand 

Great job.

HeikoAnkenbrand
Champion

Version 4.0 is now available with many new features:

- VSX Support
- Write connection table to file
- Read connection table from file
- No summary output (option -n)
- Search filter for the corresponding grep parameters in the connection table view output.


joschuar
Participant

Hello @HeikoAnkenbrand,

first of all a big thank you for another great tool here for the CheckMates community.
The script runs on all our gateways. It is a bit slow with more than 100K connection table entries.
But otherwise a great solution.

HeikoAnkenbrand
Champion

In the last few days I have spent a lot of time optimizing the code. Now even larger connection tabs should be output in a reasonable time.

From version 4.0e I will optimize the script code a bit more.
