Danny Yang

Offline Rule base matching command(R80.x)

Discussion created by Danny Yang Employee on Nov 20, 2018

Hi All,

fw up_execute (offline rule based execution)這個指令的output, 可以檢查gateway rule matching

如果客戶想知道某些服務會命中到哪些規則,就不用去查那些accept或drop log了,這是直接比對rule base DB的結果。

只有R80.10以後才有支援,R80.20才有文件資料。

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_CLI_ReferenceGuide/html_frameset.htm

 

範例:

[Expert@MyGW:0]# fw up_execute src=126.200.49.240 dst=10.1.1.1 ipp=1

 

Rulebase execution ended successfully.

Overall status:

----------------

Active clob mask: 0

Required clob mask: 0

Match status: MATCH

Match action: Accept

 

Per Layer:

------------

Layer name: Network

Layer id: 0

Match status: MATCH

Match action: Accept

Matched rule: 2

Possible rules:  2 16777215

Outcomes