Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

Fw monitor troubleshooting

Jump to solution

Hello, 

I have a question about Fw monitor Inspection Points iIoO.  What does if i don`t see these inspection points in the fw monitor output and what could be the cause for each and also how to troubleshoot ? 

For example :  If i don`t see ' i ' ----I am thinking that the traffic/connection is not even reaching the firewall and I would look at the forwarding device if it is sending the tarffic to fw or not ? 

If i don`t see 'I' --

If i don`t see 'o' --- 

If i don`t see 'O' ---

 

 

Any help appreciated 

0 Kudos
Reply
2 Solutions

Accepted Solutions
Admin
Admin

You're correct on i.
If something doesn't get to I, it's most likely got dropped by a policy/access rule
If something doesn't get to o, the packet probably didn't get routed properly or it's being handled directly by the gateway.
If something doesn't get to O...well, it depends on the precise situation.

See also: https://community.checkpoint.com/t5/How-To-Videos/How-to-use-fw-monitor/m-p/97582 

View solution in original post

Hi @Ven

I agree with @PhoneBoy. Here is a small note. 
In different versions the "fw monitor inspection points" are displayed differently.
Screenshot_20201108-122634_Edge.jpg

For example, you cannot see "i" or "O" when it is VPN traffic on certain GAIA versions.

More read here:
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Performance Tuning and Debug Tips - fw monitor
R80.x - cheat sheet - fw monitor

View solution in original post

4 Replies
Admin
Admin

You're correct on i.
If something doesn't get to I, it's most likely got dropped by a policy/access rule
If something doesn't get to o, the packet probably didn't get routed properly or it's being handled directly by the gateway.
If something doesn't get to O...well, it depends on the precise situation.

See also: https://community.checkpoint.com/t5/How-To-Videos/How-to-use-fw-monitor/m-p/97582 

View solution in original post

Hi @Ven

I agree with @PhoneBoy. Here is a small note. 
In different versions the "fw monitor inspection points" are displayed differently.
Screenshot_20201108-122634_Edge.jpg

For example, you cannot see "i" or "O" when it is VPN traffic on certain GAIA versions.

More read here:
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Performance Tuning and Debug Tips - fw monitor
R80.x - cheat sheet - fw monitor

View solution in original post

Explorer

Thanks @HeikoAnkenbrand  for your notes

0 Kudos
Reply
Explorer

Thanks @PhoneBoy for your help.

0 Kudos
Reply