frankcar
Contributor

This tells you what you want.

 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/FWG...

 

 

  • Best Practice - The SAM Policy rules consume some CPU resources on Security Gateway. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk.

  • Logs for enforced SAM rules (configured with the fw sam command) are stored in the $FWDIR/log/sam.dat file.

    By design, the file is purged when the number of stored entries reaches 100,000.

    This data log file contains the records in one of these formats:

    <type>,<actions>,<expire>,<ipaddr>
    <type>,<actions>,<expire>,<src>,<dst>,<dport>,<ip_p>
  • SAM Requests are stored on the Security Gateway in the kernel table sam_requests.

  • IP addresses that are blocked by SAM rules are stored on the Security Gateway in the kernel table sam_blocked_ips.

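Added example (not part of the original post or of Check Point's documentation): a small parser for the two sam.dat record layouts quoted above that lists rules with no expiry or an expiry far in the future, in line with the best-practice note. It assumes `<expire>` is a Unix epoch timestamp with 0 meaning "no expiry"; the sample lines and field values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the two layouts quoted in the post. The type/action
# codes are invented; the <expire> encoding is an ASSUMPTION (epoch seconds,
# 0 = never expires), not something the quoted documentation states.
SAMPLE = """\
1,4,1700003600,203.0.113.7
2,4,1700090000,198.51.100.9,192.0.2.10,443,6
1,4,0,203.0.113.99
garbage line
"""

@dataclass
class SamRecord:
    rtype: str
    actions: str
    expire: int
    ipaddr: Optional[str] = None   # 4-field layout
    src: Optional[str] = None      # 7-field layout from here down
    dst: Optional[str] = None
    dport: Optional[str] = None
    ip_p: Optional[str] = None

def parse_line(line: str) -> Optional[SamRecord]:
    f = [x.strip() for x in line.split(",")]
    if len(f) not in (4, 7) or not f[2].isdigit():
        return None                # neither documented layout
    if len(f) == 4:
        return SamRecord(f[0], f[1], int(f[2]), ipaddr=f[3])
    return SamRecord(f[0], f[1], int(f[2]), src=f[3], dst=f[4],
                     dport=f[5], ip_p=f[6])

def parse(text: str) -> Tuple[List[SamRecord], List[int]]:
    """Return (records, line numbers that matched neither layout)."""
    records, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(n)
        else:
            records.append(rec)
    return records, rejected

def long_lived(records: List[SamRecord], now: int, max_age_s: int) -> List[SamRecord]:
    """Rules with no expiry, or expiring more than max_age_s after now."""
    return [r for r in records if r.expire == 0 or r.expire - now > max_age_s]
```
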