cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Tip of the Week - fw monitor

Arguably, the most popular tool to troubleshoot traffic crossing a Security Gateway is fw monitor. However, not all security engineers and administrators are familiar with the full potential of fw monitor.

The tool is extremely powerful, flexible and versatile.

To unleash its full potential, please look into the article of the week: What is FW Monitor? 

;
TO READ THE FULL POST it's simple and free
6 Comments
Kim_Moberg
Silver

Hi Val

Thanks.

 

I have printed out on both side in A5 format, and then laminated those PDF that I have listed below.

 

Check Point CLI Reference Card – v2.1

Check Point fw monitor cheat sheet – 20180929

 

if I am in doubt I can alway take the document out for a reminder.

 

Just a nice a idea.

 

BR

Kim

Admin
Admin

I like that

Marco_Valenti
Silver

good work mate nicely done

Here are some more additions to R80.20 and "fw monitor". For details see here:

R80.x Performance Tuning and Debug Tips – fw monitor 

Whats new in R80.20:

  • With R80.20 it is no longer necessary to disable SecureXL.
  • The new fw monitor chain modules (SecureXL) do not run in the virtual machine (vm):

        SecureXL inbound (sxl_in)                 > Packet received in SecureXL from network

        SecureXL inbound CT (sxl_ct)           > Accelerated packets moved from inbound to outbound processing (post routing)

        SecureXL outbound (sxl_out)            > Accelerated packet starts outbound processing

        SecureXL deliver (sxl_deliver)          > SecureXL transmits accelerated packet

  • There are more new chain modules:

        vpn before offload (vpn_in)                  > FW inbound preparing the tunnel for offloading the packet (along with the connection)

        fw offload inbound (offload_in)            > FW inbound that perform the offload

        fw post VM inbound  (post_vm)            > Packet was not offloaded (slow path) - continue processing in FW inbound

  • New chain key 00000000 for SecureXL offloading
  • New fw monitor inspection points:
    • R80.10: e, E
    • R80.20: id, iD, iq, iQ, oq, oQ

Regards

Heiko

Hi Kim,

You found more informations here:

https://community.checkpoint.com/docs/DOC-3475-r8020-update-cheat-sheet-fw-monitor 

Regards

Heiko

Kim_Moberg
Silver

Hi Heiko,

Thanks a lot.

Great work. differently one I want to laminate and put near my desk when doing troubleshooting work.

Br

Kim