Check Point Certified Security Master – Topic 2 – Chain Modules
In this second article, I'll solve the questions of the second topic of the CCSM certification: Chain Modules!
Those questions are available in the CCSM Study Guide.
ENJOY!
What does the IP Options Strip represent in the fw chain output?
The IP Options Strip removes the IP header of the packet before it is passed to the other kernel functions.
How do you explain the function of the fw ctl chain command?
fw ctl chain will show all active chains in the Security Gateway as shown below:
Source 0 – sk98799 – Kernel Debug
Further Reading – CP R76 Gaia WebAdmin – Very good documentation about fw ctl
What command shows which firewall chain modules are active on a gateway?
According to the same sk98799 – Kernel Debug above:
To see all active chains in the Security Gateway, run: fw ctl chain
Further Reading – CP R76 Gaia WebAdmin – Very good documentation about fw ctl
Why should fw debug commands always be followed with an “off” parameter after capturing troubleshooting data?
Because if it’s not turned off, the system will keep generating logs. It can crash the system due to high processing levels or disk consumption.
You can see the right procedure to fully debug the kernel in sk98799.
What flag option(s) must be used to dump the complete table in friendly format, assuming the connections in the table are more than 100?
fw tab can help us, as in sk65133:
The usage of fw tab is:
The flag -f is explained above.
The flag -u is for unlimited numbers. You can use -m to set the maximum values.
So, the right answer to this question is:
fw tab -t connections -f -u
Source: sk65133 – Connections Table Format
Which directory contains the URL Filtering engine update info?
The directory is: $FWDIR/appi/update
If you want to check the update status, you can take a look in the $FWDIR/appi/update/Version file:
Source 0: [sk112249 – Best Practices – Application Control – Ensuring the Gateway Receives Online Updates](https://supportcenter.checkpoint.com/supportcenter/?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112249&partition=General&product=Application%20Control#Ensuring%20the%20Gateway%20Receives%20Online%20Updates)
What table is used to contain the URLF cache values for URL Filtering in the Cloud in R75 and above?
sk90422 – How to modify URL Filtering cache size? explains how to change the cache size.
So, the table is: urlf_cache_table
What command would you issue in order to show all the chains through which traffic passed?
fw monitor -e "accept;" -p all
Source: sk30583 – What is FW Monitor?
Which commands will properly set the debug level to maximum and then run a policy install in debug mode for the policy Standard on gateway A-GW from an R77 Gaia Management Server?
As in sk112824:
First, to increase the debug level, you can do:
export TDERROR_ALL_ALL=5
and then, install the policy Standard on Gateway A-GW:
fwm -d load Standard A-GW
You can do it in a single line:
export TDERROR_ALL_ALL=5; fwm -d load Standard A-GW
Don’t forget to disable the debug mode with:
unset TDERROR_ALL_ALL
Also, unset the variables that you used for debug, example:
Further Reading:
sk98799 – Kernel Debug
sk97638 – Check Point Processes and Daemons
How To Troubleshoot Policy Installation Issues
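The debug-then-unset procedure above can be wrapped so the debug level cannot stay enabled by accident. This is an added example, not code from the original article or from Check Point: run_with_debug, free_kb, MIN_FREE_KB and the log path are hypothetical names, and it assumes fwm reads TDERROR_ALL_ALL from its environment, as the export above implies.

```shell
#!/bin/sh
# Added example: keep the debug level scoped to one command so it cannot
# stay enabled after the capture.

MIN_FREE_KB=${MIN_FREE_KB:-102400}   # assumed threshold (100 MB), adjust as needed

# free_kb DIR -> prints the free kilobytes on the filesystem holding DIR
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# run_with_debug LOGFILE COMMAND [ARGS...]
# Runs COMMAND with TDERROR_ALL_ALL=5 and writes stdout and stderr to LOGFILE.
run_with_debug() {
    log=$1
    shift
    dir=$(dirname "$log")

    # Debug output can fill the disk, so refuse to start when space is low.
    avail=$(free_kb "$dir")
    if [ "${avail:-0}" -lt "$MIN_FREE_KB" ]; then
        echo "only ${avail:-0} KB free in $dir, not starting debug" >&2
        return 2
    fi

    # The export happens inside a subshell: the calling shell never has the
    # variable set, so an interrupted run or a forgotten "unset" cannot
    # leave later commands running at debug level 5.
    ( export TDERROR_ALL_ALL=5; "$@" ) >"$log" 2>&1
    rc=$?

    echo "exit status $rc, $(wc -c <"$log") bytes written to $log" >&2
    return "$rc"
}

# On the management server (the log path is a hypothetical choice):
#   run_with_debug /var/log/fwm_load_debug.txt fwm -d load Standard A-GW
```
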
Which commands obtain information about the mis-configuration issues that point to the rule base?
You must start the debug of FWM.
Use the procedures detailed in sk86186.
Source: sk86186 – How to debug FWM daemon
What command would you use to help you understand which chain is causing a problem on the Security Gateway?
fw monitor -e "accept;" -p all
Source: sk30583 – What is FW Monitor?
Which process should you debug when SmartDashboard authentication is rejected?
fwm is responsible for the communications between SmartConsole applications and Security Management Server.
Source: sk97638 – Check Point Processes and Daemons
Where are fwm debug logs written?
$FWDIR/log/fwm.elg
Source: sk86186 – How to debug FWM daemon
That’s all for today!
Thank you so much for reading!
See you in the third topic! 🙂
Vinny
Source: SQL Injection