How to use fw monitor in Check Point
fw monitor is a powerful command for troubleshooting and analyzing packets.
I will explain some examples of fw monitor.
Run the command below from expert mode. It shows packets with IP 192.168.2.2 as source or destination.
fw# fw monitor -e 'accept host(192.168.2.2);'
The fw monitor command captures packets at four inspection points (i, I, o, O):
i - Before the FireWall Virtual Machine, in the inbound direction – Pre-Inbound – marked as i
I - After the FireWall Virtual Machine, in the inbound direction – Post-Inbound – marked as I
o - Before the FireWall Virtual Machine, in the outbound direction – Pre-Outbound – marked as o
O - After the FireWall Virtual Machine, in the outbound direction – Post-Outbound – marked as O
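The four inspection points above can be used to see how far a packet got through the gateway. The following is an added example, not part of the original post: it parses fw monitor text output and reports the last inspection point at which each packet was seen. The sample lines are constructed, and the line layout (`interface:point[length]: src -> dst (PROTO) len=N id=N`) is an assumption about the text output format.

```python
import re

# Assumed line shape (constructed to resemble fw monitor text output):
#   [vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4321
LINE = re.compile(
    r"(?P<ifc>[\w.\-]+):(?P<pt>[iIoO])\s*(?:\([^)]*\)\s*)?\[\d+\]:\s+"
    r"(?P<src>\d+(?:\.\d+){3}) -> (?P<dst>\d+(?:\.\d+){3}) "
    r"\((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)"
)
ORDER = "iIoO"  # Pre-Inbound, Post-Inbound, Pre-Outbound, Post-Outbound

# Constructed sample capture: one packet seen at all four points, one only at i.
SAMPLE = """\
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4321
TCP: 40112 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_1] eth0:I[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4321
[vs_0][fw_1] eth1:o[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4321
[vs_0][fw_1] eth1:O[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4321
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.9 (TCP) len=60 id=4322
TCP: 40113 -> 23 .S.... seq=5e6f7a8b ack=00000000
"""

def trace(text):
    """Map (proto, ip_id) -> flow and the inspection points seen, in order."""
    packets = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # protocol detail lines such as "TCP: ..." are skipped
        # Addresses are not part of the key because NAT may rewrite them
        # between inspection points; the first addresses seen are recorded.
        key = (m["proto"], int(m["id"]))
        rec = packets.setdefault(
            key, {"flow": f'{m["src"]} -> {m["dst"]}', "points": []})
        rec["points"].append(f'{m["ifc"]}:{m["pt"]}')
    return packets

def stopped_at(rec):
    """Furthest point reached in i, I, o, O order; None if O was reached."""
    furthest = max((p[-1] for p in rec["points"]), key=ORDER.index)
    return None if furthest == "O" else furthest

if __name__ == "__main__":
    for (proto, ip_id), rec in trace(SAMPLE).items():
        stop = stopped_at(rec)
        status = "seen at all four points" if stop is None else f"last seen at {stop}"
        print(f"{proto} id={ip_id} {rec['flow']}: {' '.join(rec['points'])} ({status})")
```
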
fw monitor -e "accept src=xx.xx.xx.xx;"
-----------------------------------------------------------
Write output to file [-o ]
fw monitor -o monitor.pcap -e "accept src=xx.xx.xx.xx;"
Capturing all traffic to or from a host
fw monitor -e "accept src=xx.xx.xx.xx or dst=xx.xx.xx.xx;"
Capture HTTP traffic
fw monitor -e "accept sport=80 or dport=80;"
View traffic for virtual system with ID . Attn: with fw monitor use -v instead of -vs
fw monitor -v -e 'accept;'
Capture web traffic for VSX virtual system ID 3
fw monitor -v 3 -e 'accept tcpport(80);'