How to use fw monitor in Check Point


fw monitor is a powerful command for troubleshooting and analyzing packets.

I will explain some examples of fw monitor.


The command below is run from expert mode. It shows packets with IP 192.168.2.2 as source or destination.

fw# fw monitor -e 'accept host(192.168.2.2);'


fw monitor marks each captured packet with the inspection point where it was seen (i, I, o, O):

i – Before the FireWall Virtual Machine, in the inbound direction – Pre-Inbound – marked as i 

I  –  After the FireWall Virtual Machine, in the inbound direction – Post-Inbound – marked as I

o – Before the FireWall Virtual Machine, in the outbound direction – Pre-Outbound – marked as o

O – After the FireWall Virtual Machine, in the outbound direction – Post-Outbound – marked as O
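As an added example (not part of the original post), this Python sketch reads fw monitor text output and records which of the four inspection points each packet reached, so a packet seen at i but never at I stands out. The sample lines are constructed, the line layout is an assumption about the output format, and matching packets by IP id alone is a simplification.

```python
import re

# Constructed sample, assuming this line layout:
#   interface:point[len]: src -> dst (proto) len=N id=N
SAMPLE = """\
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.10.10.5 (TCP) len=60 id=4101
TCP: 51000 -> 80 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_1] eth0:I[60]: 192.168.2.2 -> 10.10.10.5 (TCP) len=60 id=4101
[vs_0][fw_1] eth1:o[60]: 192.168.2.2 -> 10.10.10.5 (TCP) len=60 id=4101
[vs_0][fw_1] eth1:O[60]: 192.168.2.2 -> 10.10.10.5 (TCP) len=60 id=4101
[vs_0][fw_1] eth0:i[60]: 192.168.2.2 -> 10.10.10.9 (TCP) len=60 id=4102
TCP: 51001 -> 23 .S.... seq=5e6f7a8b ack=00000000
"""

HEADER = re.compile(
    r"(?P<iface>[\w.\-]+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)"
)

def trace(text):
    """Group header lines by IP id; keep the points and interfaces in order."""
    packets = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # transport detail lines (e.g. "TCP: ...") are skipped
        rec = packets.setdefault(
            m["id"], {"src": m["src"], "dst": m["dst"], "points": [], "ifaces": []}
        )
        rec["points"].append(m["point"])
        rec["ifaces"].append(m["iface"])
    return packets

def path(rec):
    """Inspection points the packet was seen at, e.g. 'iIoO' or 'i'."""
    return "".join(rec["points"])

def never_reached(packets, point):
    """IDs of packets that were captured but never seen at the given point."""
    return [pid for pid, rec in packets.items() if point not in rec["points"]]

if __name__ == "__main__":
    pk = trace(SAMPLE)
    for pid, rec in pk.items():
        print(pid, rec["src"], "->", rec["dst"], path(rec))
    # Seen pre-inbound (i) but not post-inbound (I): did not pass inbound inspection
    print("never reached I:", never_reached(pk, "I"))
```

Traffic addressed to the gateway itself ends at I and traffic it originates starts at o, so a short path is not always a drop.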



fw monitor -e "accept src=xx.xx.xx.xx;"

Write output to a file (-o)
fw monitor -o monitor.pcap -e "accept src=xx.xx.xx.xx;"
Capture all traffic to or from a host
fw monitor -e "accept src=xx.xx.xx.xx or dst=xx.xx.xx.xx;"
Capture HTTP traffic
fw monitor -e "accept sport=80 or dport=80;"
View traffic for virtual system with ID . Attn: with fw monitor use -v instead of -vs
fw monitor -v  -e 'accept;'
Capture web traffic for VSX virtual system ID 3
fw monitor -v 3 -e 'accept tcpport(80);'

