This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Timothy_Hall
Champion Champion
Champion
‎2020-11-14 05:35 AM
Jump to solution

fw up_execute Equivalent for NAT Rule Matches?

fw up_execute can be run on the gateway to find a matching Network policy rule in the live policy like this:

 

up_execute.png

 

Is there an equivalent CLI utility to find a matching NAT policy rule on the live gateway?  I'm aware that Packet Mode searches can be executed against the NAT policy in the SmartConsole, but I'm looking for a CLI utility on the gateway itself.  Thanks!

    

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-11-14 08:11 AM
Jump to solution

Haven’t seen and with NAT it’s a bit more complicated due to the fact some of the NAT isn’t handled by actual rules but rather as a result of object definition.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2020-11-14 08:11 AM
Jump to solution

Haven’t seen and with NAT it’s a bit more complicated due to the fact some of the NAT isn’t handled by actual rules but rather as a result of object definition.

Timothy_Hall
Champion Champion
Champion
‎2020-11-14 04:15 PM
In response to PhoneBoy
Jump to solution

Not even in R81?  It seems like the NAT policy in that version is now acting more like a "real" policy layer, and allowing the use of Security Zones & Dynamic Objects including Access Roles, as well as keeping hit counts.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-15 08:52 PM
In response to Timothy_Hall
Jump to solution

Perhaps there's a hidden flag for fw up_execute?

0 Kudos
Richard_Carson
Contributor
‎2023-02-07 02:37 AM
In response to PhoneBoy
Jump to solution

bump thread - this would be a useful feature

0 Kudos
Timothy_Hall
Champion Champion
Champion
‎2023-02-07 07:11 AM
In response to Richard_Carson
Jump to solution

You can try searching the contents of the fwx_cache table which will hold the most recently hit NAT rules, see my post here:

https://community.checkpoint.com/t5/General-Topics/NAT-Cache-Table-Full/m-p/53547/highlight/true#M10...

 

here is another helpful tool as well:

showtable.sh - it shows statistics of the connecti...

 

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events