Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Don_Paterson
Advisor

fw ctl chain questions for the community

Hello,

Considering the attached screenshot I am curious to know what members of the community have as answers to these questions or comments on the questions as they stand:

1. Can you see how the traffic flows through the kernel?

2. Besides the Firewall, what other modules are engaged?

3. Can you tell if IPS is currently deployed?

 

Some knowledge of the kernel is assumed but not advanced technical knowledge.

Thanks,

Don

0 Kudos
3 Replies
Vladimir
Champion
Champion

Simply based on the screenshot of chains, not really.

You may see the chains enabled for a particular feature, but if the policy is configured to bypass the blade, it will not be reflected here.

You can use the fw monitor to see the traffic between specific sources and destinations through inspection points that cover most of the chain modules.

PhoneBoy
Admin
Admin

PSL is going to be active if you have any blade active above and beyond FW and VPN (e.g. IPS, App Control, URL Filtering).
enabled_blades will provide a more precise answer to 2 and 3. 

Don_Paterson
Advisor

Thanks.

That is true, and to see PSL (the kernel module) the command -- fw ctl debug -m | grep 'Modules' -- is a good command.

So,basically, question number 2 cannot be answered and the answer to question number 3 is No if only considering the output of the fw ctl chain command.

Regards,

Don

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events