This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Timothy_Hall
Legend Legend
Legend
‎2020-11-14 05:35 AM
Jump to solution

fw up_execute Equivalent for NAT Rule Matches?

fw up_execute can be run on the gateway to find a matching Network policy rule in the live policy like this:

 

up_execute.png

 

Is there an equivalent CLI utility to find a matching NAT policy rule on the live gateway?  I'm aware that Packet Mode searches can be executed against the NAT policy in the SmartConsole, but I'm looking for a CLI utility on the gateway itself.  Thanks!

    

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-11-14 08:11 AM
Jump to solution

Haven’t seen and with NAT it’s a bit more complicated due to the fact some of the NAT isn’t handled by actual rules but rather as a result of object definition.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2020-11-14 08:11 AM
Jump to solution

Haven’t seen and with NAT it’s a bit more complicated due to the fact some of the NAT isn’t handled by actual rules but rather as a result of object definition.

Timothy_Hall
Legend Legend
Legend
‎2020-11-14 04:15 PM
In response to PhoneBoy
Jump to solution

Not even in R81?  It seems like the NAT policy in that version is now acting more like a "real" policy layer, and allowing the use of Security Zones & Dynamic Objects including Access Roles, as well as keeping hit counts.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
PhoneBoy
Admin
Admin
‎2020-11-15 08:52 PM
In response to Timothy_Hall
Jump to solution

Perhaps there's a hidden flag for fw up_execute?

0 Kudos
Richard_Carson
Contributor
‎2023-02-07 02:37 AM
In response to PhoneBoy
Jump to solution

bump thread - this would be a useful feature

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-02-07 07:11 AM
In response to Richard_Carson
Jump to solution

You can try searching the contents of the fwx_cache table which will hold the most recently hit NAT rules, see my post here:

https://community.checkpoint.com/t5/General-Topics/NAT-Cache-Table-Full/m-p/53547/highlight/true#M10...

 

here is another helpful tool as well:

showtable.sh - it shows statistics of the connecti...

 

 

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 20 May 2025 @ 11:30 AM (PDT)

    Las Vegas: Check Point Hybrid Mesh
    In-Person

    Wed 21 May 2025 @ 11:30 AM (MST)

    Tempe, AZ: Check Point Hybrid Mesh
    In-Person

    Tue 03 Jun 2025 @ 09:00 AM (CEST)

    CheckMates LIve France - Workshop Check Point Quantum
    In-Person

    Tue 03 Jun 2025 @ 06:00 PM (EDT)

    Montreal: CPX Recap
    In-Person

    Tue 10 Jun 2025 @ 06:00 PM (EDT)

    Quebec City: CPX Recap
    CheckMates Events