Check Point Internals

Check Point Internals

Showing tables • fw tab • [-t <table>] • [-s | -c] • [-f] • [-r] • [-u | • … • fw tab -u –t connections

Connection table FP3 -------- connections -------- dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function c5f7637c 0 <00000000, c0a80096, 00000e3f, c0a80001, 00000016, 00000006; 0001c001, 00804080, 00000001, 00000e10, 00000000, 3e5a693d, 00000000, f559cfc3, 000007b6, 00000000, 00000000, ffffffff, ffffffff, 00000000, 02000000, 00000000, 00000000, 00000000, 00000000, 00000000, 6a8ec000, 00000000, 00000000, 00000000, 00000000; 3599/3600> <00000001, c0a80052, 00000a22, d1248030, 00003a98, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000002) <00000000, c3064f06, 0000008f, c3cf59f4, 00002e1f, 00000006> -> <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> (00000006) <00000001, c3cf59f5, 00004739, c0a80a21, 0000042c, 00000011> -> <00000000, c0a80a21, 0000042c, c3cf59f5, 00004739, 00000011> (00000005) <00000001, d1248030, 00003a98, c0a80052, 00000a22, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000005) <00000000, c0a80a21, 0000042c, c3cf59f5, 00004739, 00000011; 00010006, 00804000, 00000000, 00000028, 00000000, 3e5a6c15, 00000000, f559cfc3, 000007b6, 00000001, ffffffff, ffffffff, ffffffff, 00000000, 00000000, 00000000, 00000000, e32e6000, 00000000, 00000000, dfaf6800, 00000000, 00000000, 00000000, 39946800; 14/40> <00000001, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> -> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> (00000002) <00000001, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> -> <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006> (00000002) <00000000, d1248030, 00003a98, c3cf59f4, 0000e951, 00000006> -> <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006> (00000006) <00000001, c0a80096, 00000016, c0a80a21, 0000042d, 00000006> -> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006> (00000005) <00000000, c0a80096, 0000170c, c0a80a21, 0000042e, 00000006> -> <00000000, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> (00000006) <00000000, c0a80052, 00000a22, d1248030, 00003a98, 00000006; 0001c001, 00806080, 00000004, 00000e10, 00000000, 3e5956fc, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 02000000, 00000000, 00000000, d0568000, d1b24000, 00000000, f322b800, 00000000, 00000000, 00000000, 00000000; 3593/3600> <00000000, c0a80a21, 0000042d, c0a80096, 00000016, 00000006; 0001c006, 00806080, 0000000a, 00000e10, 00000000, 3e5a68a3, 00000000, f559cfc3, 000007b6, 00000001, 00000001, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 21c68800, 00000000, 00000000, 7e408800, 00000000, 00000000, 00000000, 70a7c000; 3599/3600> <00000001, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> -> <00000000, c0a80a21, 0000042e, c0a80096, 0000170c, 00000006> (00000002) <00000001, c0a80001, 00000016, c0a80096, 00000e3f, 00000006> -> <00000000, c0a80096, 00000e3f, c0a80001, 00000016, 00000006> (00000005) <00000000, c0a8000c, 000005c1, c3064f06, 0000008f, 00000006; 0001c001, 00806080, 00000008, 00000e10, 00000000, 3e5a087e, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 02000000, 00000000, 00000000, c4619000, d1aea000, 00000000, 3089d000, 00000000, 00000000, 00000000, 00000000; 3502/3600>

Connection table FP3 (con’d) 1 192.168.0.82 2594209.36.128.48 15000 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0 195.6.79.6 143 195.207.89.244 11807 6 0 192.168.0.12 1473 195.6.79.6 143 6 1 195.207.89.245 18233 192.168.10.33 1068 17 0 192.168.10.33 1068 195.207.89.245 18233 17 1 209.36.128.48 15000 192.168.0.82 2594 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0 192.168.10.33 1068 195.207.89.245 18233 17 00010006 00804000 Rule 0 TimeOut 40 C11 0 c12 1046113301 C13 0 C14 4116303811 C15 1974 cl_int_in 1 cl_int_out - srv_int_in - srv_int_out - 1 192.168.10.33 1069 192.168.0.150 22 6 0 192.168.10.33 1069 192.168.0.150 22 6 1 192.168.0.12 1473 195.6.79.6 143 6 0 192.168.0.12 1473 195.6.79.6 143 6 0 209.36.128.48 15000 195.207.89.244 59729 6 0 192.168.0.82 2594 209.36.128.48 15000 6 1 192.168.0.150 22 192.168.10.33 1069 6 0 192.168.10.33 1069 192.168.0.150 22 6 0 192.168.0.150 5900 192.168.10.33 1070 6 0 192.168.10.33 1070 192.168.0.150 5900 6 0 192.168.0.82 2594 209.36.128.48 15000 6 0001c001 00806080 Rule 4 TimeOut 3600 C11 0 c12 1046042364 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1 0 192.168.10.33 1069 192.168.0.150 22 6 0001c006 00806080 Rule 10 TimeOut 3600 C11 0 c12 1046112419 C13 0 C14 4116303811 C15 1974 cl_int_in 1 cl_int_out 1 srv_int_in 0 srv_int_out 0 1 192.168.10.33 1070 192.168.0.150 5900 6 0 192.168.10.33 1070 192.168.0.150 5900 6 1 192.168.0.1 22 192.168.0.150 3647 6 0 192.168.0.150 3647 192.168.0.1 22 6 0 192.168.0.12 1473 195.6.79.6 143 6 0001c001 00806080 Rule 8 TimeOut 3600 C11 0 c12 1046087806 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1

Simple HTTP and DNS example localhost: -------- connections -------- dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function ef8353d0 0 <00000000, ac1d6d01, 00000050, 0a010165, 00000497, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000006) <00000000, d4e90122, 00000035, 0a010165, 00000490, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000006) <00000001, d4e90122, 00000035, 0a010165, 00000490, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000005) <00000001, ac156501, 00004710, 0a010165, 00000475, 00000006> -> <00000000, 0a010165, 00000475, ac156501, 00004710, 00000006> (00000005) <00000000, 0a010165, 00000101, 0a010101, 000004cb, 00000006> -> <00000001, 0a010101, 000004cb, 0a010165, 00000101, 00000006> (00000006) <00000000, 0a010165, 0000008b, 0a010101, 000004c5, 00000006> -> <00000001, 0a010101, 000004c5, 0a010165, 0000008b, 00000006> (00000006) <00000001, 0a010101, 000004c5, 0a010165, 0000008b, 00000006; 0002c001, 00806200, 06000000, 00000e10, 00000000, 3e631d0f, 00000000, 0101010a, 000007b6, ffffffff, ffffffff, 00000002, 00000002, 00000000, 00000000, 00000000, 00000000, 00000000, 2802c800, 00000000, 00000000, 00000000; 3564/3600> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011; 00010001, 00806080, 00000001, 00000028, 0000003f, 3e631d96, 00000000, 0101010a, 000007b6, 00000002, 00000002, 00000000, 00000000, 00000000, 02000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 0/40> <00000001, 0a010165, 00000490, d4e90122, 00000035, 00000011> -> <00000000, 0a010165, 00000490, d4e90122, 00000035, 00000011> (00000002) <00000001, 0a010101, 000004cb, 0a010165, 00000101, 00000006; 0002c001, 00806200, 08000000, 00000e10, 00000000, 3e631d66, 00000000, 0101010a, 000007b6, ffffffff, ffffffff, 00000002, 00000002, 00000000, 00000000, 00000000, 00000000, 00000000, 2d034000, 00000000, 00000000, 00000000; 3574/3600> <00000001, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000002) <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006; 0001c001, 00806080, 00000001, 00000e10, 00000000, 3e631da4, 00000000, 0101010a, 000007b6, 00000002, 00000002, 00000000, 00000000, 00000000, 02000000, 00000000, 00000000, 00000000, 4903a000, 00000000, 00000000, 00000000; 3574/3600> <00000000, 0a010165, 00000475, ac156501, 00004710, 00000006; 0001c001, 00804200, 08000000, 00000e10, 00000000, 3e631d78, 00000000, 0101010a, 000007b6, 00000002, 00000002, ffffffff, ffffffff, 00000000, 00000000, 00000000, 00000000, 00000000, 32034800, 00000000, 00000000, 00000000; 3592/3600> <00000001, ac1d6d01, 00000050, 0a010165, 00000497, 00000006> -> <00000000, 0a010165, 00000497, ac1d6d01, 00000050, 00000006> (00000005)

Simple HTTP and DNS example (con’d) 0 172.29.109.1 80 10.1.1.101 1175 6 0 10.1.1.101 1175 172.29.109.1 80 6 0 212.233.1.34 53 10.1.1.101 1168 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 212.233.1.34 53 10.1.1.101 1168 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 172.21.101.1 18192 10.1.1.101 1141 6 0 10.1.1.101 1141 172.21.101.1 18192 6 0 10.1.1.101 257 10.1.1.1 1227 6 1 10.1.1.1 1227 10.1.1.101 257 6 0 10.1.1.101 139 10.1.1.1 1221 6 1 10.1.1.1 1221 10.1.1.101 139 6 1 10.1.1.1 1221 10.1.1.101 139 6 0002c001 00806200 Rule 100663296 TimeOut 3600 C11 0 c12 1046682895 C13 0 C14 16843018 C15 1974 cl_int_in - cl_int_out - srv_int_in 2 srv_int_out 2 0 10.1.1.101 1168 212.233.1.34 53 17 00010001 00806080 Rule 1 TimeOut 40 C11 63 c12 1046683030 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in 0 srv_int_out 0 1 10.1.1.101 1168 212.233.1.34 53 17 0 10.1.1.101 1168 212.233.1.34 53 17 1 10.1.1.1 1227 10.1.1.101 257 6 0002c001 00806200 Rule 134217728 TimeOut 3600 C11 0 c12 1046682982 C13 0 C14 16843018 C15 1974 cl_int_in - cl_int_out - srv_int_in 2 srv_int_out 2 1 10.1.1.101 1175 172.29.109.1 80 6 0 10.1.1.101 1175 172.29.109.1 80 6 0 10.1.1.101 1175 172.29.109.1 80 6 0001c001 00806080 Rule 1 TimeOut 3600 C11 0 c12 1046683044 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in 0 srv_int_out 0 0 10.1.1.101 1141 172.21.101.1 18192 6 0001c001 00804200 Rule 134217728 TimeOut 3600 C11 0 c12 1046683000 C13 0 C14 16843018 C15 1974 cl_int_in 2 cl_int_out 2 srv_int_in - srv_int_out - 1 172.29.109.1 80 10.1.1.101 1175 6 0 10.1.1.101 1175 172.29.109.1 80 6 0.0.0.0 0 0

NAT’ted FTP connection example ip330[admin]# fw tab -u -t connections | grep 15 dynamic, id 8158, attributes: keep, sync, expires 60, refresh, limit 25000, hashsize 32768, kbuf 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30, free function c5f7637c 0 <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006; 0001c001, 00806080, 00000008, 00000e10, 00000031, 3e5a79fb, 00000000, f559cfc3, 000007b6, 00000000, 00000000, 00000001, 00000001, 00000000, 22000000, 00000000, 00000000, ab4c6800, 08aee000, 00000000, c5d09000, 610f2000, 00000000, 00000000, 00000000; 3518/3600> <00000000, c16db9a2, 00000015, c3cf59f4, 00003648, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000006) <00000000, c16db9a2, 00000015, c0a80096, 00000e51, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000016) <00000001, c16db9a2, 00000015, c0a80096, 00000e51, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000005) <00000001, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> -> <00000000, c0a80096, 00000e51, c16db9a2, 00000015, 00000006> (00000002) ip330[admin]# • 0 192.168.0.150 3665 193.109.185.162 21 6 0001c001 00806080 Rule 8 TimeOut 3600 C11 49 c12 1046116859 C13 0 C14 4116303811 C15 1974 cl_int_in 0 cl_int_out 0 srv_int_in 1 srv_int_out 1 • 0193.109.185.162 21 195.207.89.244 13896 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 0193.109.185.162 21 192.168.0.150 3665 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 193.109.185.162 21 192.168.0.150 3665 6 0 192.168.0.150 3665 193.109.185.162 21 6 • 1192.168.0.150 3665 193.109.185.162 21 6 0 192.168.0.150 3665 193.109.185.162 21 6

Check Point Internals

Check Point Internals

Presentation Transcript

Check Point

Check Point UTM-1

Reporting Internals From a Reports Point of View

Check Point

Check Point Connectra NGX R60

Check Point DDoS Protector

1920s Check Point

Check Point

Browser internals

Check Point Makes DLP Work

Check Point Operations

Thread Internals

C++ internals

Check Point

Latch Internals

K42 Internals

Check Point #17

Check Point #20

Check Point #36

Check Point Connectra NGX R60