This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_R
Collaborator
‎2018-07-24 02:27 PM

how to collect the any destination with over 100 ports in use on the gateway

Hi Team,

As I was worked with once Global TAC engineer and perform some command in order to collect any destination with over 100 ports in use on the gateway.

Here's the same output:

Core 0 table
    110 0e8f45ce 28648802;
    119 0e8f45ce 28648812;
    125 0e8f45ce 28648872;
    144 0e8f45ce 28725f6a;
    154 0e8f45ce 74323c96;
    340 0e8f45ca 74323b96;
    407 0e8f45ca 55733a96;
    665 0e8f45ce 74323b96;
   3566 0e8f45ce 55733a96;
Core 1 table
    104 0e8f45ce 28648872;
    105 0e8f45ce 28648802;
    116 0e8f45ce 28648812;
    127 0e8f45ce 28725f6a;
    159 0e8f45ce 74323c96;
    322 0e8f45ca 74323b96;
    372 0e8f45ca 55733a96;
    644 0e8f45ce 74323b96;
   3549 0e8f45ce 55733a96;
Core 2 table
    102 0e8f45ce 28648882;
    106 0e8f45ce 28648812;
    106 0e8f45ce 28725f6a;
    111 0e8f45ce 28648802;
    115 0e8f45ce 28648892;
    118 0e8f45ce 28648872;
    174 0e8f45ce 74323c96;
    319 0e8f45ca 74323b96;
    376 0e8f45ca 55733a96;
    634 0e8f45ce 74323b96;
   3532 0e8f45ce 55733a96;
Core 3 table
    111 0e8f45ce 28648882;
    115 0e8f45ce 28648812;
    119 0e8f45ce 28648872;
    125 0e8f45ce 28725f6a;
    170 0e8f45ce 74323c96;
    355 0e8f45ca 74323b96;
    376 0e8f45ca 55733a96;
    625 0e8f45ce 74323b96;
   3606 0e8f45ce 55733a96;
Core 4 table
    103 0e8f45ce 28648802;
    113 0e8f45ce 28648872;
    127 0e8f45ce 28725f6a;
    169 0e8f45ce 74323c96;
    342 0e8f45ca 74323b96;
    361 0e8f45ca 55733a96;
    651 0e8f45ce 74323b96;
   3388 0e8f45ce 55733a96;
Core 5 table
    110 0e8f45ce 28648802;
    112 0e8f45ce 28648812;
    118 0e8f45ce 28648872;
    131 0e8f45ce 28725f6a;
    172 0e8f45ce 74323c96;
    343 0e8f45ca 74323b96;
    375 0e8f45ca 55733a96;
    659 0e8f45ce 74323b96;
   3515 0e8f45ce 55733a96;

I would like to know the command to collect the same for my internal troubleshooting. Can you share if anyone of you are aware of this command (or) any procedure.

-Arun.R

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2018-07-24 08:46 PM

Define what you mean by “ports in use.”

For what specifically, NAT?

I imagine you could write a script to query the relevant NAT tables for this if that’s the case.

0 Kudos
Arun_R
Collaborator
‎2018-07-25 01:16 PM
In response to PhoneBoy

Hi Dameon,

One of my client we were facing traffic drop error--NAT Hide failure due to port exhausted.

Checkpoint engineer assist us over the remote session and ran some commands to get the mentioned command output on my first update.

Since we are not sure what kind of command been used to get the output which holds the information of which ip addresses has high ports been used.

On above command output: 0e8f45ce 55733a96 has over 3500 ports used on each core and is the top destination by a large amount.

14.143.69.206=0e8f45ce
85.115.58.150=55733a96

 I would like to know how to get the list in order to monitor, how many ports been used.

- Arun.R

0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-25 02:34 PM
In response to Arun_R

I don't think there's a single command that generates that output.

That said you would be parsing the output of the fwx_alloc table.

Which it looks like someone wrote a script for: showtable.sh - it shows statistics of the connections, fxw_cache and sam_blocked_ips tables

See also:

Re: My Top 3 Check Point CLI commands

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
‎2020-10-08 07:23 AM

2 years too late but you can find it here

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/NAT-table-fwx-alloc-specific-NAT-...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events