This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lesley
MVP Gold
MVP Gold
‎2024-05-02 01:21 AM

Viewing the list of the available Firewall integer kernel parameters and their values

Hi everyone,

I found an interesting part of documentation regarding the Integer Kernel Parameters and String Kernel Parameters.

It is possible with a command to show a list of all the parameters and string and the values that have been set.

This is stated in: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityGateway_Guide/Conten...

These are the steps for Integer parameters:

 

1

Connect to the command line on your Security Gateway

/ each Cluster Member

.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Make sure you can get the list of the available integer kernel parameters and their values without errors:

Lesley_2-1714637857214.png

 

Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int

4

If in the previous step there were no errors, get the list of the available integer kernel parameters and their values, and save the list to a file:

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int 1>> /var/log/fw_integer_kernel_parameters.txt 2>> /var/log/fw_integer_kernel_parameters.txt

5

Analyze the output file:

/var/log/fw_integer_kernel_parameters.txt

 

For string it is similar:

 

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Make sure you can get the list of the available integer kernel parameters and their values without errors:

Lesley_3-1714637911621.png

 

Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str

4

If in the previous step there were no errors, get the list of the available string kernel parameters and their values, and save the list to a file:

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str 1>> /var/log/fw_string_kernel_parameters.txt 2>> /var/log/fw_string_kernel_parameters.txt

5

Analyze the output file:

/var/log/fw_string_kernel_parameters.txt

 

I have tried step 3 on a few gateways but it get's stuck on  different parameter and does not proceed with the rest.

Step 4 output file contains only an error.

Anyone has an idea how to generate the full list and skip the ones that give an error?

Expample:

(I cut out the above parameters)

bypass_on_enhanced_ssl_inspection = 0
bypass_reverse_dns_rad_request = 1
ccc_in_separate_daemon = 0
ccc_policy_timestamp = 0
Get operation failed: failed to get parameter ccl_correct_dr_between_chassis
get: Operation failed
xargs: fw: terminated by signal

Different gateway:

fwconn_tracker_monitor = 'default'
fwha_azure_default_mac = '12:34:56:78:9a:bc'
fwha_group_of_bonds_str = ''
Get operation failed: failed to get parameter fwha_mbs_amw_policy_time_formated_str
get: Operation failed
xargs: fw: terminated by signal 9

-------
Please press "Accept as Solution" if my post solved it 🙂
4 Replies
PhoneBoy
Admin
Admin
‎2024-05-06 07:42 AM

Good stuff!

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-05-06 07:48 AM

I also tried few fiewalls in the lab and get below on step 3, I guess its expected?

Andy

 

inline_zp_script = ''
kiss_branch_name = 'unknown'
kiss_flofiler_active = ''
kiss_memory_report_filter = '*'
Get operation failed: failed to get parameter mgmt_forwarding_tcp_ports_list_string
get: Operation failed
xargs: fw: terminated by signal 9

Best,
Andy
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2024-05-11 07:43 AM

This is also documented here which is a bit more updated: sk33156: Creating a file with all the kernel parameters and their values

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
the_rock
MVP Gold
MVP Gold
‎2024-05-11 10:00 AM
In response to Timothy_Hall

I had customer ask me once if it was possible to say run command that would clearly show all kernel parameters and what the impact would be having them turned on. I brought that up to their Sales person as well, but not sure something like that exists.

Andy

Best,
Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events