Analyzing FW Monitor Output in CLI

If you understand the inspection points in Check Point and can use FW Monitor to get the required logs/captures, then you can read further on how to analyze those logs.


So to start off with, let's see what the different fields are in the above picture of a sample log from the console:


Using FW Monitor to Capture Traffic Flows in Check Point (Cheat Sheet)

I’m in no way a Check Point junkie. I got these FW Monitor templates from my tech lead at work, and he has been using them for over 10 years now. I find these templates just about enough to get me the captures that I need. If you need a more sophisticated FW Monitor capture, then I’d recommend you go through this document. In the next post after this I plan to write on how to analyze those logs/captures on your console and in Wireshark (this can get lengthy). In FW Monitor there are a few switches you can use to customize your captures, but I’ve only posted some basic templates where you can just replace the IPs and run them.

If you’re not aware of the inspection points in Check Point, you can check out my previous post, which will help you understand the FW Monitor logs better and possibly help in troubleshooting.


Understanding Inspection Points in Check Point

I was just about to put some FW Monitor templates on my blog for quick reference for when I need to troubleshoot some issues in Check Point, but I thought it would be a nice thing to explain this first (for myself too, as I keep forgetting this stuff :D).

When traffic flows through a Check Point Security Gateway (look here if you want to know about the architecture), it has to cross a series of inspection points. This post tries to explain what those inspection points are and how to troubleshoot traffic flows based on them. The next post will show how to use FW Monitor.
