Check Point Internals


  1. Check Point Internals

  2. Showing tables • fw tab • [-t <table>] • [-s | -c] • [-f] • [-r] • [-u | • … • fw tab -u -t connections (-u lifts the default limit on the number of entries printed, so the whole table is shown)

  3. Connection table FP3 -------- connections -------- dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function c5f7637c 0 <00000000, c0a80096, 00000e3f, c0a80001, 00000016, 00000006; 0001c001, 00804080, 00000001, 00000e10, 00000000, 3e5a693d, 00000000, f559cfc3, 000007b6, 00000000, 00000000, ffffffff, ffffffff, 00000000, 02000000, 00000000, 00000000, 00000000, 00000000, 00000000, 6a8ec000, 00000000, 00000000, 00000000, 00000000; 3599/3600> <00000001, c0a80052, 00000a22, d1248030, 00003a98, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000002) <00000000, c3064f06, 0000008f, c3cf59f4, 00002e1f, 00000006> -> <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> (00000006) <00000001, c3cf59f5, 00004739, c0a80a21, 0000042c, 00000011> -> <00000000, c0a80a21, 0000042c, c3cf59f5, 00004739, 00000011> (00000005) <00000001, d1248030, 00003a98, c0a80052, 00000a22, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000005) <00000000, c0a80a21, 0000042c, c3cf59f5, 00004739, 00000011; 00010006, 00804000, 00000000, 00000028, 00000000, 3e5a6c15, 00000000, f559cfc3, 000007b6, 00000001, ffffffff, ffffffff, ffffffff, 00000000, 00000000, 00000000, 00000000, e32e6000, 00000000, 00000000, dfaf6800, 00000000, 00000000, 00000000, 39946800; 14/40> <00000001, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> -> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> (00000002) <00000001, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> -> <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> (00000002) <00000000, d1248030, 00003a98, c3cf59f4, 0000e951, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000006) <00000001, c0a80096, 00000016, c0a80a21, 0000042d, 00000006> -> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> (00000005) <00000000, c0a80096, 0000170c, c0a80a21, 
0000042e, 00000006> -> <00000000, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> (00000006) <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006; 0001c001, 00806080, 00000004, 00000e10, 00000000, 3e5956fc, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 02000000, 00000000, 00000000, d0568000, d1b24000, 00000000, f322b800, 00000000, 00000000, 00000000, 00000000; 3593/3600> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006; 0001c006, 00806080, 0000000a, 00000e10, 00000000, 3e5a68a3, 00000000, f559cfc3, 000007b6, 00000001, 00000001, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 21c68800, 00000000, 00000000, 7e408800, 00000000, 00000000, 00000000, 70a7c000; 3599/3600> <00000001, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> -> <00000000, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> (00000002) <00000001, c0a80001, 00000016, c0a80096, 00000e3f, 00000006> -> <00000000, c0a80096, 00000e3f, c0a80001, 00000016, 00000006> (00000005) <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006; 0001c001, 00806080, 00000008, 00000e10, 00000000, 3e5a087e, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 02000000, 00000000, 00000000, c4619000, d1aea000, 00000000, 3089d000, 00000000, 00000000, 00000000, 00000000; 3502/3600>

  4. Connection table FP3 (con’d) — the same table decoded; each tuple reads direction (0 = inbound, 1 = outbound), source IP, source port, destination IP, destination port, IP protocol (6 = TCP, 17 = UDP): 1 192.168.0.82 2594 209.36.128.48 15000 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0 195.6.79.6 143 195.207.89.244 11807 6 0 192.168.0.12 1473 195.6.79.6 143 6 1 195.207.89.245 18233 192.168.10.33 1068 17 0 192.168.10.33 1068 195.207.89.245 18233 17 1 209.36.128.48 15000 192.168.0.82 2594 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0 192.168.10.33 1068 195.207.89.245 18233 17 00010006 00804000 Rule 0 TimeOut 40 C11 0 c12 1046113301 C13 0 C14 4116303811 C15 1974 cl_int_in 1 cl_int_out - srv_int_in - srv_int_out - 1 192.168.10.33 1069 192.168.0.150 22 6 0 192.168.10.33 1069 192.168.0.150 22 6 1 192.168.0.12 1473 195.6.79.6 143 6 0 192.168.0.12 1473 195.6.79.6 143 6 0 209.36.128.48 15000 195.207.89.244 59729 6 0 192.168.0.82 2594 209.36.128.48 15000 6 1 192.168.0.150 22 192.168.10.33 1069 6 0 192.168.10.33 1069 192.168.0.150 22 6 0 192.168.0.150 5900 192.168.10.33 1070 6 0 192.168.10.33 1070 192.168.0.150 5900 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0001c001 00806080 Rule 4 TimeOut 3600 C11 0 c12 1046042364 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1 0 192.168.10.33 1069 192.168.0.150 22 6 0001c006 00806080 Rule 10 TimeOut 3600 C11 0 c12 1046112419 C13 0 C14 4116303811 C15 1974 cl_int_in 1 cl_int_out 1 srv_int_in 0 srv_int_out 0 1 192.168.10.33 1070 192.168.0.150 5900 6 0 192.168.10.33 1070 192.168.0.150 5900 6 1 192.168.0.1 22 192.168.0.150 3647 6 0 192.168.0.150 3647 192.168.0.1 22 6 0 192.168.0.12 1473 195.6.79.6 143 6 0001c001 00806080 Rule 8 TimeOut 3600 C11 0 c12 1046087806 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1

  5. Simple HTTP and DNS example localhost: -------- connections -------- dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function ef8353d0 0 <00000000, ac1d6d01, 00000050, 0a010165, 00000497, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000006) <00000000, d4e90122, 00000035, 0a010165, 00000490, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000006) <00000001, d4e90122, 00000035, 0a010165, 00000490, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000005) <00000001, ac156501, 00004710, 0a010165, 00000475, 00000006> -> <00000000, 0a010165, 00000475, ac156501, 00004710, 00000006> (00000005) <00000000, 0a010165, 00000101, 0a010101, 000004cb, 00000006> -> <00000001, 0a010101, 000004cb, 0a010165, 00000101, 00000006> (00000006) <00000000, 0a010165, 0000008b, 0a010101, 000004c5, 00000006> -> <00000001, 0a010101, 000004c5, 0a010165, 0000008b, 00000006> (00000006) <00000001, 0a010101, 000004c5, 0a010165, 0000008b, 00000006; 0002c001, 00806200, 06000000, 00000e10, 00000000, 3e631d0f, 00000000, 0101010a, 000007b6, ffffffff, ffffffff, 00000002, 00000002, 00000000, 00000000, 00000000, 00000000, 00000000, 2802c800, 00000000, 00000000, 00000000; 3564/3600> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011; 00010001, 00806080, 00000001, 00000028, 0000003f, 3e631d96, 00000000, 0101010a, 000007b6, 00000002, 00000002, 00000000, 00000000, 00000000, 02000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 0/40> <00000001, 0a010165, 00000490, d4e90122, 00000035, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000002) <00000001, 0a010101, 000004cb, 0a010165, 00000101, 00000006; 0002c001, 00806200, 08000000, 00000e10, 00000000, 3e631d66, 00000000, 0101010a, 000007b6, ffffffff, ffffffff, 00000002, 00000002, 00000000, 00000000, 00000000, 
00000000, 00000000, 2d034000, 00000000, 00000000, 00000000; 3574/3600> <00000001, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000002) <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006; 0001c001, 00806080, 00000001, 00000e10, 00000000, 3e631da4, 00000000, 0101010a, 000007b6, 00000002, 00000002, 00000000, 00000000, 00000000, 02000000, 00000000, 00000000, 00000000, 4903a000, 00000000, 00000000, 00000000; 3574/3600> <00000000, 0a010165, 00000475, ac156501, 00004710, 00000006; 0001c001, 00804200, 08000000, 00000e10, 00000000, 3e631d78, 00000000, 0101010a, 000007b6, 00000002, 00000002, ffffffff, ffffffff, 00000000, 00000000, 00000000, 00000000, 00000000, 32034800, 00000000, 00000000, 00000000; 3592/3600> <00000001, ac1d6d01, 00000050, 0a010165, 00000497, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000005)

  6. Simple HTTP and DNS example (con’d) 0 172.29.109.1 80 10.1.1.101 1175 6 0 10.1.1.101 1175 172.29.109.1 80 6 0 212.233.1.34 53 10.1.1.101 1168 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 212.233.1.34 53 10.1.1.101 1168 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 172.21.101.1 18192 10.1.1.101 1141 6 0 10.1.1.101 1141 172.21.101.1 18192 6 0 10.1.1.101 257 10.1.1.1 1227 6 1 10.1.1.1 1227 10.1.1.101 257 6 0 10.1.1.101 139 10.1.1.1 1221 6 1 10.1.1.1 1221 10.1.1.101 139 6 1 10.1.1.1 1221 10.1.1.101 139 6 0002c001 00806200 Rule 100663296 TimeOut 3600 C11 0 c12 1046682895 C13 0 C14 16843018 C15 1974 cl_int_in - cl_int_out - srv_int_in 2 srv_int_out 2 0 10.1.1.101 1168 212.233.1.34 53 17 00010001 00806080 Rule 1 TimeOut 40 C11 63 c12 1046683030 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in 0 srv_int_out 0 1 10.1.1.101 1168 212.233.1.34 53 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 10.1.1.1 1227 10.1.1.101 257 6 0002c001 00806200 Rule 134217728 TimeOut 3600 C11 0 c12 1046682982 C13 0 C14 16843018 C15 1974 cl_int_in - cl_int_out - srv_int_in 2 srv_int_out 2 1 10.1.1.101 1175 172.29.109.1 80 6 0 10.1.1.101 1175 172.29.109.1 80 6 0 10.1.1.101 1175 172.29.109.1 80 6 0001c001 00806080 Rule 1 TimeOut 3600 C11 0 c12 1046683044 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in 0 srv_int_out 0 0 10.1.1.101 1141 172.21.101.1 18192 6 0001c001 00804200 Rule 134217728 TimeOut 3600 C11 0 c12 1046683000 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in - srv_int_out - 1 172.29.109.1 80 10.1.1.101 1175 6 0 10.1.1.101 1175 172.29.109.1 80 6 0.0.0.0 0 0

  7. NAT’ted FTP connection example ip330[admin]# fw tab -u -t connections | grep 15 dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function c5f7637c 0 <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006; 0001c001, 00806080, 00000008, 00000e10, 00000031, 3e5a79fb, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 22000000, 00000000, 00000000, ab4c6800, 08aee000, 00000000, c5d09000, 610f2000, 00000000, 00000000, 00000000; 3518/3600> <00000000, c16db9a2, 00000015, c3cf59f4, 00003648, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000006) <00000000, c16db9a2, 00000015, c0a80096, 00000e51, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000016) <00000001, c16db9a2, 00000015, c0a80096, 00000e51, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000005) <00000001, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000002) ip330[admin]# • 0 192.168.0.150 3665 193.109.185.162 21 6 0001c001 00806080 Rule 8 TimeOut 3600 C11 49 c12 1046116859 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1 • 0 193.109.185.162 21 195.207.89.244 13896 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 0 193.109.185.162 21 192.168.0.150 3665 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 1 193.109.185.162 21 192.168.0.150 3665 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 1 192.168.0.150 3665 193.109.185.162 21 6 0 192.168.0.150 3665 193.109.185.162 21 6