How to use fw monitor in Check Point

fw monitor is a powerful command for troubleshooting and analyzing packets.

Here are some examples of fw monitor.


Run the command below from expert mode. It shows packets with IP 192.168.2.2 as source or destination.

fw# fw monitor -e 'accept host(192.168.2.2);'


fw monitor marks each captured packet with the inspection point where it was seen (i, I, o, O):

i - Before the FireWall Virtual Machine, in the inbound direction – Pre-Inbound – marked as i

I - After the FireWall Virtual Machine, in the inbound direction – Post-Inbound – marked as I

o - Before the FireWall Virtual Machine, in the outbound direction – Pre-Outbound – marked as o

O - After the FireWall Virtual Machine, in the outbound direction – Post-Outbound – marked as O
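
To show how the four markers are read in practice, here is an added example (not from the original post or from Check Point) that groups fw monitor text output by packet and reports the furthest inspection point each packet reached. The output line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed text layout of a fw monitor packet line (the page shows no output):
#   [vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4711
LINE_RE = re.compile(
    r"(?P<ifc>[\w.\-]+):(?P<pt>[iIoO])\s*\[\d+\]:\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+\((?P<proto>\w+)\)\s+len=\d+\s+id=(?P<id>\d+)"
)
POINTS = "iIoO"  # order in which a forwarded packet crosses the gateway
NAMES = {"i": "Pre-Inbound", "I": "Post-Inbound",
         "o": "Pre-Outbound", "O": "Post-Outbound"}

def trace(lines):
    """Group packet lines by IP id -> [(point, interface, src, dst), ...].

    Keying on the IP id alone is a simplification: it keeps a packet together
    when its addresses differ between points, but unrelated flows can collide.
    """
    packets = {}
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # skip banners and anything that is not a packet line
            packets.setdefault(m["id"], []).append(
                (m["pt"], m["ifc"], m["src"], m["dst"]))
    return packets

def report(lines):
    """For each packet: points seen, furthest point reached, points missing."""
    result = {}
    for pid, hops in trace(lines).items():
        seen = "".join(p for p in POINTS if any(h[0] == p for h in hops))
        result[pid] = {
            "seen": seen,
            "last": NAMES[seen[-1]],
            "missing": [NAMES[p] for p in POINTS if p not in seen],
        }
    return result

# Constructed sample: packet 4711 crosses all four points, 4712 stops after i.
SAMPLE = """\
monitor: monitoring (control-C to stop)
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4711
[vs_0][fw_1] eth0:I[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4711
[vs_0][fw_1] eth1:o[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4711
[vs_0][fw_1] eth1:O[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4711
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.0.0.5 (TCP) len=60 id=4712
"""

if __name__ == "__main__":
    for pid, info in report(SAMPLE.splitlines()).items():
        print(pid, info["seen"], "last:", info["last"], "missing:", info["missing"])
```

A packet whose last point is Pre-Inbound was captured before the FireWall Virtual Machine in the inbound direction but never after it, so the inbound side of the gateway is the place to look.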



fw monitor -e "accept src=xx.xx.xx.xx;"
-----------------------------------------------------------

Write output to file [-o ]
fw monitor -o monitor.pcap -e "accept src=xx.xx.xx.xx;"

Capture all traffic to or from a host
fw monitor -e "accept src=xx.xx.xx.xx or dst=xx.xx.xx.xx;"

Capture HTTP traffic
fw monitor -e "accept sport=80 or dport=80;"

View traffic for virtual system with ID . Note: with fw monitor, use -v instead of -vs
fw monitor -v  -e 'accept;'

Capture web traffic for VSX virtual system ID 3
fw monitor -v 3 -e 'accept tcpport(80);'

