how to see connectiontable

[breakdan]

Hi at all,

firstly i've to thank you for help....i've passed ccsa exam also about you :).
The question: how can i see some detail about connection table built by CP GW without overload the CPU with a CPU-intensive command?

THK and have a good day

Danilo

[RayPesek]

What kind of information are you looking for? It might be available in the "Active" tab of SmartView Tracker without running a manual command.

Ray

[northlandboy]

Quote:

Originally Posted by RayPesek

What kind of information are you looking for? It might be available in the "Active" tab of SmartView Tracker without running a manual command.

Ray

The Active tab places a serious load on the gateway though - there's no way I'd run it on a module with more than a few thousand connections. Usually I just do fw tab -t connections -u to dump the table. Adding the -f flag seems to add a bit more load, so I do my formatting myself.

[breakdan]

Quote:

Originally Posted by northlandboy

The Active tab places a serious load on the gateway though - there's no way I'd run it on a module with more than a few thousand connections. Usually I just do fw tab -t connections -u to dump the table. Adding the -f flag seems to add a bit more load, so I do my formatting myself.

Thank you, it was the command that i was looking for....how can you format from yourself the output of command?
And....can i put some filter as in fw monitor...i may see just connection between 2 end point and not all.....
Do you think that command add heavy load on FW (i may have 70.000 - 100.000 connections...).

Cheers
Dani

[northlandboy]

I think the first line tells you what each column is. You can then do your own stuff in perl/awk/whatever to convert hex to dotted decimal. Just standard Unix text processing really.

I don't think you can add a filter to the fw tab command - I think you can only dump the whole thing and grep out what you need.

70-100K is a lot of connections, but it depends on how powerful your firewalls are. Usually I will run the command to dump the table on the secondary firewall in the cluster, since the connections tables are in sync.

As an aside, you can also run this command from the mgmt station - you don't actually need to log onto the firewall. On the mgmt station, run fw tab -t connections -u <fw_name>

[breakdan]

Quote:

Originally Posted by northlandboy

I think the first line tells you what each column is. You can then do your own stuff in perl/awk/whatever to convert hex to dotted decimal. Just standard Unix text processing really.

I don't think you can add a filter to the fw tab command - I think you can only dump the whole thing and grep out what you need.

70-100K is a lot of connections, but it depends on how powerful your firewalls are. Usually I will run the command to dump the table on the secondary firewall in the cluster, since the connections tables are in sync.

As an aside, you can also run this command from the mgmt station - you don't actually need to log onto the firewall. On the mgmt station, run fw tab -t connections -u <fw_name>

Thank you for reply...i know 70-100K is lot of conn..ehehhe
i'll try and....i'll say you if the FW get stuck :)

biez

Dani