This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Albin_Hakansson
Participant
‎2017-09-30 01:00 PM

Kernel modules and chain modules

Hi all!

I am wondering about the relationship between kernel modules and the firewall chain (fw ctl debug -m & fw ctl chain)
I've gone through sk98799, but it raised a few questions for me.

As I understand, I can see which modules are active on the firewall by running fw ctl debug -m command.
And the chains (fw ctl chain) is the path/order of which the Check Point kernel will handle the traffic, based on configuration different modules will be enabled and since they are divided into the chains, the number of chains will be different. 
Is my understanding of the kernel modules and chains correct?

I get a bit confused regarding how to know where to perform the debug. Based on research on various forums & other locations, I've come to understand that several modules can work within one chain, for example "VM" chain module.

But how do I know where in the chain a module is working for example WS or RTM module?

As a general question as well, what does the output of fw ctl conn -a mean?

Thanks in advance!

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2017-09-30 04:55 PM

The items listed in fw ctl chain will depend on which features are enabled, thus the number of modules listed will vary from system to system.

Different modules serve different functions and I would defer to specific SKs where these are detailed or conversations with the Check Point TAC as to which modules to debug in which circumstances.

As some functions cross modules, it's possible multiple modules require debugging, which is why the answer is largely situation specific.

fw ctl conn -a is a command I am not familiar with.

It is mentioned in the following sks:

fwsync: there is a different installation of Check Point's products on each member of this clus... 

Connections Table Format 

0 Kudos
m_chasserot
Explorer
‎2022-06-11 01:18 AM

Hello Albin.

Did you find answers to your questions?:

- how do I know where in the chain a module is working for example WS or RTM module?

- what does the output of fw ctl conn -a mean?

- how do I kno which chains make up every module?

Thanks in advance.

0 Kudos
m_chasserot
Explorer
‎2022-06-11 01:42 AM

Hello Albin.

Did you find answers to your questions?

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events