This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ashish_verma
Contributor
‎2018-09-03 11:49 PM
Jump to solution

Packet Flow in Checkpoint Firewall

Hello All,

I am very confused with the packet flow of checkpoint firewall. I have seen in many places fw ctl chain is referred to understand the packet flow but I am not able to interpret it.

Could someone please help me in understanding the packet flow in terms of

SAM

IP spoofing

Policy lookup

Dst NAT

route lookup

Src NAT

VPN

etc..

Even better if we can connect it with the output of fw ctl chain

I would really appreciate any comment.

0 Kudos
1 Solution

Accepted Solutions
7 Replies
Jerry
Mentor
Mentor
‎2018-09-04 12:49 AM
Jump to solution

here you find everything (almost!) what you need reg. the CP packet flow:

sk116255

also Heiko Ankenbrand‌ posted some very useful diagrams recently ... look them up here Smiley Happy

Jerry
0 Kudos
lance2022
Explorer
‎2022-04-24 10:35 AM
In response to Jerry
Jump to solution

Hi Jerry,

I know it's an old post, but do you happen to know any other link which might help me to see those packets get dropped.

e.g: when the initial packet enters the slow path and gets dropped due to a missing firewall policy, how can I look this up.

if I run fw mon, I would only see the packet "i", but it has two places where the packet could get discarded. how to know it got discarded due to policy and not "drop template".
thanks a lot
Lance (Sonicwall :))

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-03-29 04:54 AM
In response to lance2022
Jump to solution

Command fw ctl zdebug + drop will show you all live packet drops in both SecureXL and the INSPECT Firewall Instances and why.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
ashish_verma
Contributor
‎2018-09-04 03:07 AM
Jump to solution

Thank you Very much to all of you. Got the answer. Thanks again

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top