CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 2 of 2

Thread: Understand fw monitor keywords i,I,o,O

  1. #1
    Join Date
    2012-01-29
    Posts
    63
    Rep Power
    7

    Default Understand fw monitor keywords i,I,o,O

    Can someone help me understand traffic flow kernel out to firewall .I see it as i,I,o,O

    lets says when traffic comes from internet how does it flow in terms of i,I,o,O

    same from network.

  2. #2
    Join Date
    2007-06-04
    Posts
    3,276
    Rep Power
    16

    Default Re: Understand fw monitor keywords i,I,o,O

    i, I are inbound packets at the pre and post firewall process stages

    o, O are outbound packets at the pre and post firewall process stages.

    Is how has always been explained to me.

    The traffic arrives at the Inbound Interface and the i shows the status of the packet before being processed by the Check Point software at the Inbound Interface.
    The traffic is then processed at the Inbound Interface and the I shows the status of the packet after the Firewall Processes have been run against the packet.

    The traffic is then passed to the outbound Interface, where again it shows the status of the packet before being run through the Check Point software again, marking with the o to denote outbound preprocess stage.
    After the checking and processing then the O denotes the traffic as it leaves the Check Point firewall.

    When doing the fw monitor then is best to disable securexl ( if running in the first place ) using the fwaccel off command then if you normally run securexl then turn on again afterwards with the fwaccel on

Similar Threads

  1. FW Monitor Interface
    By mbutterfield in forum fw monitor, tcpdump and Wireshark
    Replies: 4
    Last Post: 2010-08-30, 18:50
  2. fw monitor help
    By rn4it in forum Miscellaneous
    Replies: 4
    Last Post: 2008-05-13, 08:28
  3. fw monitor
    By vijayant in forum Miscellaneous
    Replies: 2
    Last Post: 2007-10-15, 11:36
  4. Use "fw monitor" to monitor traffic from 1 host.
    By Wutkung in forum Miscellaneous
    Replies: 2
    Last Post: 2007-01-17, 06:31
  5. fw monitor
    By breakdan in forum Miscellaneous
    Replies: 4
    Last Post: 2006-12-31, 05:47

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •