Over three decades of Information Technology experience, specializing in High Performance Networks, Security Architecture, E-Commerce Engineering, Data Center Design, Implementation and Support
Sunday, December 29, 2019
Sunday, December 22, 2019
CLI for firewall debug, processes and daemon
The following terms are used on CLI for firewall debug, processes and daemon:
accel SecureXL
acct Application Control accounting
advp advanced patterns (signatures over port ranges)
APPI Application Control
aspii Accelerated Stateful Protocol Inspection Infrastructure (INSPECT streaming)
async IA checking known network
av Anti-Virus inspection
avi_del_tmp_files Shell script that periodically deletes various old temporary Anti-Virus files
balance ConnectControl - logical servers in kernel, load balancing
btime browse time
cache_tab cachetable infrastructure
ccp Cluster Control Protocol (CCP)
cgnat Carrier Grade NAT (CGN/CGNAT)
chain chain modules
chainfwd chain forwarding - cluster
chainq QoS holding and releasing packets during critical actions (policy install / uninstall)
CI Content Inspection
ci_http_server HTTP Server for Content Inspection
clishd Gaia Clish CLI interface process - general information for all Clish sessions
clish Gaia Clish CLI interface
clob data classification - Classification Object (CLOB)
cloningd Cloning Groups daemon
cluster ClusterXL
cmi Context Management Infrastructure
cmi_inspect cmi_loader - INSPECT code
cmi_loader CMI loader
cmi_module cmi_loader module operations - initialization, module loading, calls to module, contexts, etc.
confd Database and configuration
conn Connections Table issues
connstats connections statistics for Evaluation of Heavy Connections in CPView (refer to sk105762)
context operations on Memory context and CPU context
CPAS CPAS (Check Point Active Streaming)
cpca Check Point Internal Certificate Authority (ICA)
cpcode Data Loss Prevention (DLP) CPcode
cpd Check Point processes / daemon
cpdiag CPDiag operations
cp_file_convert Used to convert various file formats to simple textual format for scanning by the DLP engine
cphaconf installs cluster configuration or CLI command
cphamcset Clustering daemon
cphaprob Process that lists the state of cluster members or CLI command
cphastart Starts the cluster and state synchronization.
cphastop Stops the cluster and state synchronization
cp_http_server HTTP Server for Management Portal (SmartPortal) and for OS WebUI
cp_http_server HTTP Server for OS WebUI and Management Portal
cplmd get the data that should be presented in SmartView Tracker
cpm Check Point management daemon (PostgreSQL and SOLR databases)
cposd SMB-specific daemon responsible for OS Networking operations
cprid Check Point Remote Installation Daemon
cprid_wd WatchDog for Check Point Remote Installation Daemon
cpsead Responsible for Correlation Unit functionality
cpsemd Responsible for logging into the SmartEvent GUI
cpsnmpd SNMP queries for Check Point OIDs
cpstat_monitor Process is responsible for collecting and sending information to SmartView Monitor
cptls CRYPTO-PRO Transport Layer Security (HTTPS inspection)
cpviewd CPView Utility daemon (sk101878)
cpview_historyd CPView Utility History daemon (sk101878).
cpwd WatchDog monitors critical processes such as Check Point daemons
cpwmd Check Point Web Management daemon
crypto basic information about encryption and decryption
cserver Check Server that either stops or processes the e-mail
ctasd Commtouch Anti-Spam daemon
ctipd Commtouch IP Reputation daemon.
cu Connectivity Upgrade (sk107042)
cvpnd Back-end daemon of the Mobile Access Software Blade
cvpnd processing of connections handled by Mobile Access daemon
cvpnproc Offload blocking commands from cvpnd
CvpnUMD Report SNMP connected users to AMON
DAService Check Point Upgrade Service Engine (CPUSE) - (sk92449)
dbsync DBsync enables SmartReporter to synchronize data stored in different parts of the network.
dbwriter Offload database commands from cvpnd and synchronize with other members
dfa Pattern Matcher (Deterministic Finite Automaton) compilation and execution
df Decision Function - decides which member will handle each packet in a Load Sharing mode
dfilter debug filter operations
dhcpd DHCP server daemon
dlpda Data Loss Prevention (DLP) Download Agent
dlp Data Loss Prevention
dlp_fingerprint Used to identify the data according to a unique signature
dlpk Data Loss Prevention (DLP) Kernel Module
dlpu DLP process - receives data from Check Point kernel.
dlpuk Data Loss Prevention (DLP) User Module
dnstun DNS tunnels
domain DNS queries
dos DDoS attack mitigation (part of IPS)
dropbear Lightweight SSH server on SMB appliance
dynlog dynamic log enhancement (INSPECT logs)
fg FloodGate-1 (QoS)
FILEAPP File Application
filecache Content Awareness file caching
flofiler Flow profiler
fwapp information about policy installation for FireWall application
fwd Firewall processes / daemon
fwdlp DLP core engine that performs the scanning / inspection
fw Firewall
fwm Communication between SmartConsole applications and Security Management Server
fwpushd Mobile Access Push Notifications daemon
fwstats FW-1 statistics
fwucd DLP UserCheck back-end daemon that sends approval / disapproval requests to user
ghtab multi-threaded safe global hash tables
glue glue layer messages
gtp GPRS Tunneling Protocol (GTP)
gtp GTP (GPRS Tunneling Protocol)
h323 VoIP H.323
htab multi-threaded safe hash table
httpd2 Web server daemon (Gaia Portal)
httpd Endpoint Policy Management Server
httpd Front-end daemon of the Mobile Access Software Blade (multi-processes)
IA_htab IA checking for network IP address, working with kernel tables
ICAP_CLIENT Internet Content Adaptation Protocol client
IDAPI Identity Awareness
ifnotify notification of changes in interface status - up or down (received from OS)
in.acapd Packet capturing daemon for SmartView Tracker logs
in.emaild.mta E-Mail Security Server
in.emaild.pop3 POP3 Security Server that receives e-mails sent by user
in.emaild.smtp SMTP Security Server that receives e-mails sent by user and sends them to their destinations
in.geod Updates the IPS Geo Protection Database
in.msd Mail Security Daemon that queries the Commtouch engine for reputation.
interpreter Process is responsible for Compliance Blade database scan.
ioctl IOCTL control messages - communication between kernel and daemon
ipopt IP options enforcement
java_solr Events are stored in the SOLR database (Jetty Server) part of cpm
kbuf kernel-buffer
kissd KISS – used for kernel memory management
kissflow Kernel Infrastructure Flow
kiss Kernel Infrastructure
kisspm Kernel Infrastructure Pattern Matcher
kqstats Kernel Worker thread statistics mechanism
kw Kernel Worker state and Pattern Matcher inspection
ld kernel dynamic tables infrastructure - reads from / writes to the tables
lea_session LEA OPSEC session
lea LEA OPSEC - logs
llq QoS low latency queuing
log_consolidator Log Consolidator for the SmartReporter product
log_indexer R80 Log indexer
lpd Log Parser Daemon – Search predefined patterns in log files
mab Mobile Access handler
machine INSPECT Virtual Machine
MALWARE Malware (Threat Prevention)
mem_pool memory pool
mgcp Media Gateway Control Protocol
mgr policy installation manager
misc miscellaneous helpful information
misp ISP Redundancy
mmagic MAC magic - operations (getting, setting, updating, initializing, dropping, etc.)
monitorall debug -> fw monitor -p all
monitord Hardware monitoring daemon
monitor debug -> fw monitor
MoveFileDemuxer Related to MoveFileServer process (moving files between cluster members)
MoveFileServer Move files between cluster members in order to perform database synchronization
mpdaemon Apache server (which can have multiple processes for starting these web servers).
mrtsync synchronization (in kernel) between cluster members of Multicast Routes
msnms MSN over MSMS (MSN Messenger protocol)
mspi information related to creation and destruction of MSA / MSPI
mtctx multi-threaded context - memory allocation, reference count
multik CoreXL -> Multi-Kernel Inspection
mutex Unified Policy internal mutex operations
nac Network Access Control (NAC)
NRB Next Rule Base
ntup Non-TCP / Non-UDP traffic policy (traffic parser)
om_alloc allocation of Office Mode IP addresses
osu cluster Optimal Service Upgrade (sk107042)
packet_err invalid packets, for which dispatching decision can’t be made
packval stateless verifications - sequences, fragments, translations and other header verifications
parser file parsing or CMI parser
parsers_is cmi_loader parsers infrastructure
pcktdmp dumps the encrypted packets before encryption / decrypted packets after decryption
pcre Perl Compatible Regular Expressions
pdpd IA Policy Decision Point daemon
pepd IA Policy Enforcement Point daemon
per_conn messages per connection (when a new connection is handled by RTM)
per_pckt messages per packet (when a new packet arrives is handled by RTM) or "con_conn"
Pinger Reduce the number of httpd processes performing ActiveSync.
pkt_dump traffic packet dump
pkxld Performs asymmetric key operations for HTTPS Inspection
PM_compile Pattern Matcher - pattern compilation
pmdump Pattern Matcher - DFA (dumping XMLs)
pm Gaia OS Process Manager
pmint Pattern Matcher compilation
pm Pattern Matcher - compilation and execution
pnote registering and monitoring of critical ClusterXL Devices
portscan port scanning prevention mechanics
postgres PostgreSQL server
prof Firewall Priority Queues - connection profiler (refer to sk105762)
q driver queue
qosaccel QoS acceleration
qos QoS (FloodGate-1)
queue Kernel Worker thread queues
quota cross-instance quota table
RAD_KERNEL Resource Advisor Kernel
rad Resource Advisor
rconfd Provisioning daemon
rem Regular Expression Matcher - Pattern Matcher 2nd tier (slow path)
report_mgr report manager
routed Routing daemon
rtdbd Real Time database daemon
rtmd Real Time traffic statistics.
RTM Real-Time Monitoring
salloc System Memory allocation
sam Suspicious Activity Monitoring
scanengine_b Third party engine.
scanengine_k Third party engine.
scanengine_s Third party engine.
scrub_cp_file_convertd Used to convert various file formats to simple textual format
scrubd Main Threat Extraction daemon
scrub Main CLI process for Threat Extraction
sctp Stream Control Transmission Protocol (SCTP)
scv SecureClient Verification
searchd Search indexing daemon
sec_rb secondary NRB rulebase operations
SFT Stream File Type
sfwd SMB fwd
SGEN Struct Generator
shmem shared memory allocation
sigload signatures loader, patterns, ranges
skinny Skinny Client Control Protocol - Cisco proprietary VoIP protocol
smartlog_server SmartLog product service
SmartView SmartEvent Web Application
sms Manages communication with UTM-1 Edge Security Gateways.
sm String Matcher - Pattern Matcher 1st tier (fast path)
sna SnA objects ("Services and Application")
snmpd SNMP (Linux) daemon
SOLR CPM databases communication
span mirror port (duplicates the network traffic)
spii Stateful Protocol Inspection Infrastructure and INSPECT Streaming Infrastructure
sshd SSH daemon
ssl_insp HTTPS SSL Inspection
sslt SSL TLS library
status_proxy Status collection of ROBO Gateways - SmartLSM / SmartProvisioning status proxy.
subs Subscriber module - set of APIs, which enable user space processes (by using a DLL)
SVRServer Controller for the SmartReporter product. Traffic is sent via SSL
swblade registration of Software Blades
sxl_statd Allow acquiring statistics information from Host ppak and Falcon cards
synatk 'SYN Attack' (SYNDefender) IPS protection
sync synchronization operations in ClusterXL
syslogd Syslog (Linux) daemon
tcpinfo TCP processing messages
tcpstr TCP streaming mechanism
tcpt TCP Tunnel (Visitor mode) related information (FW traversal on port 443)
ted Threat Emulation daemon engine
temp_conns temporary connections
te Threat Emulation
tnlmon tunnel monitoring
topo information about topology and Anti-Spoofing of interfaces
ua Universal Alcatel "UA" Protocol
ucd UserCheck connections to other cluster members
UC UserCheck
uepm Endpoint Management Server
uf URL filters and URL cache
uid Cross-instance Unique IDs
upapp information about policy installation for Unified Policy application
upconv Unified Policy conversion
UPIS Unified Policy Infrastructure
UP Unified Policy
urlf_ssl Application Control / URL Filtering for SSL
usrchkd Main UserCheck daemon, which deals with UserCheck requests
usrchk The CLI client for the UserCheck daemon USRCHKD
usrmem User Space platform memory usage
utf7 conversion of UTF-7 characters to Unicode characters
utf8 conversion of UTF-8 characters to Unicode characters
uuid session UUID
vbuf virtual buffer
vm Virtual Machine chain decisions on traffic going through fw_filter_chain
VPN_cookie virtual de-fragmentation cookie
vpnd VPN processes / daemon
vpn_multik MultiCore VPN (refer to sk118097)
vpn_tagging sets the VPN policy of a connection according to VPN communities, VPN Policy related info
VPN VPN
vs Virtual System (VSX)
wap Multimedia Messaging Service (Wireless Application Protocol)
wd WebDefense
wire wire-mode Virtual Machine chain module
worker Kernel Worker - queuing and dequeuing
wsdnsd DNS Resolver - activated when Security Gateway is configured as HTTP/HTTPS Proxy
WSIS Web Intelligence Infrastructure
WS_parser Web Intelligence HTTP header parser layer
WS_pfinder Web Intelligence pattern finder
WS_regexp Web Intelligence regular expression library
WS_SIP Web Intelligence SIP Parser
wstlsd Handles SSL handshake for HTTPS Inspected connections.
WS Web Intelligence
xl Accelerator cards interaction
xlate NAT - basic information
xltrc NAT - additional information - going through NAT rulebase
xpand Configuration daemon that processes and validates all user configuration requests,...
zeco Zero-Copy kernel module memory allocations
Identity Awareness - IDC Problems
Check where the issue resides and provide this extra information to TAC.
Type the following commands on both PDP and PEP to see where the identity is known:
# pdp m u <PROBLEMATIC USERNAME>
or alternatively:
# pdp m ip <PROBLEMATIC IP>
and on the PEP side:
# pep sh u q cid <PROBLEMATIC IP>
or alternatively:
# pep sh u q usr <PROBLEMATIC USERNAME>
In addition to the above outputs, please provide TAC:
1. cpinfo from both PDP and PEP (if these are different machines)
2. log files:
$FWDIR/log/pdpd.elg*
$FWDIR/log/pepd.elg*
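The collection steps above as one script, added here as an example (it is not part of the original post and not a Check Point tool): it runs the four pdp/pep lookups and copies the pdpd.elg* and pepd.elg* files into one owner-only directory for the TAC case. The function names, argument order and output file names are assumptions; cpinfo is still collected separately.

```shell
#!/bin/sh
# Added example, not from the original post: gather the Identity Awareness
# outputs listed above into one directory. Run it in Expert mode on the PDP
# and on the PEP. Function names and output file names are assumptions.

# Run one command and save its output plus exit status to a file, so an
# empty answer ("identity unknown here") is told apart from a failed command.
ia_run() {
    ia_file="$1"; shift
    ia_rc=0
    {
        echo "# command: $*"
        echo "# collected: $(date -u +%Y-%m-%dT%H:%M:%SZ) on $(hostname)"
        "$@" 2>&1 || ia_rc=$?
        echo "# exit status: $ia_rc"
    } > "$ia_file"
}

collect_ia_evidence() {
    ia_user="$1"; ia_ip="$2"; ia_out="$3"
    if [ -z "$ia_user" ] || [ -z "$ia_ip" ] || [ -z "$ia_out" ]; then
        echo "usage: collect_ia_evidence <username> <ip> <output-dir>" >&2
        return 2
    fi

    # The bundle holds user names and IP-to-identity mappings: owner-only.
    mkdir -p "$ia_out/logs" || return 1
    chmod 700 "$ia_out" || return 1

    # PDP side: is the identity known by user name, or by IP address?
    ia_run "$ia_out/pdp_user.txt" pdp m u "$ia_user"
    ia_run "$ia_out/pdp_ip.txt"   pdp m ip "$ia_ip"
    # PEP side: the same question, asked of the enforcement point.
    ia_run "$ia_out/pep_ip.txt"   pep sh u q cid "$ia_ip"
    ia_run "$ia_out/pep_user.txt" pep sh u q usr "$ia_user"

    # Daemon logs, including any rotated copies matched by the glob.
    if [ -z "$FWDIR" ]; then
        echo "FWDIR is not set; skipping log copy" >&2
    else
        for ia_log in "$FWDIR"/log/pdpd.elg* "$FWDIR"/log/pepd.elg*; do
            [ -f "$ia_log" ] || continue   # an unmatched glob stays literal
            cp -p "$ia_log" "$ia_out/logs/" || echo "could not copy $ia_log" >&2
        done
    fi

    echo "$ia_out"   # stdout: where the bundle was written
}

# Stand-alone use: sh ia_collect.sh <username> <ip> <output-dir>
if [ "$#" -eq 3 ]; then
    collect_ia_evidence "$@"
fi
```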
R80.20 - new ClusterXL commands
# cphaprob stat > with more ClusterXL information
# fwaccel ranges > shows Anti-Spoofing ranges
# fw ctl multik utilize > shows the CoreXL queue utilization for each CoreXL FW instance
# fw ctl multik print_heavy_conn > shows the table with heavy connections
New ClusterXL clish commands are available.
> show cluster
Show cluster MAC Magic and MAC Forward Magic parameters:
> show cluster mmagic
Show cluster failover information:
> show cluster failover
Reset history:
> show cluster failover reset history
Show cluster states of all members:
> show cluster stats
Show the roles of the RouteD daemon:
> show cluster roles
Show cluster statistics transport:
> show cluster statistics transport
Show cluster statistics sync:
> show cluster statistics sync
Show all cluster interfaces (cphaprob -a if):
> show cluster members interfaces all
Show pnotes (cphaprob -l list):
> show cluster members pnotes all
Check Point Certified Security Master
Main Topics
https://www.ankenbrand24.de/index.php/articles/articles-check-point/
https://community.checkpoint.com/t5/General-Topics/R80-x-Architecture-and-Performance-Tuning-Link-Collection/m-p/47883#M9336
1. Advanced Database Management
2. Kernel Mode and User Mode Troubleshooting
3. SmartConsole and Policy Management
4. Advanced Network Address Translation
5. VPN Troubleshooting
6. Troubleshooting Access Control Policies
7. Troubleshooting Threat Prevention Policies
8. Troubleshooting IPS
9. Optimization and Tuning
10. Advanced Clustering
11. Acceleration Debugging
12. IPv6
Appendix A – Question and Answers
Appendix B - Critical Devices Failovers and Solutions
Subject
ClusterXL
CoreXL
SecureXL
IPS ATGR
80 - Questions
80% of questions Training
SecureXL accelerates packets from interface to interface for known traffic, thus saving CPU usage. CoreXL adds the ability to run multiple inspection cores concurrently.
Check Point Processes and Daemons sk97638
How to modify URL Filtering cache size sk90422
Debug Policy Verification sk33438
IPS sk60395
1. Advanced Database Management
PostgreSQL
- 2 different segments
- CPM and Monitoring
CPM
- Central database
- Contains all objects in database
Monitoring Segment
- Contains views (status written from queries)
The PostgreSQL interactive shell is psql_client
When typing a command, cpm is the name of the database, and postgres is the connection username
To view postgres:
1. psql_client cpm postgres
2. At the prompt, enter: \d [a list of relations (database objects) displays]
3. To close the psql session, type \q
To view monitoring database segment:
1. psql_client monitoring postgres
Postgres Tables
Tables are the primary storage objects for data in a postgres database.
Tables consist of rows and columns, which hold data.
Each table consists of the following columns or fields:
- Schema (collection of database objects (tables) associated with a particular database name)
- Name (the name assigned to the database object)
- Type (type of database object used to store or reference the data)
- Owner (schema owner or owner of the related group of objects)
Objects in the database are represented in 2 different tables:
dleobjectderef_data
CpNetworkObject_data
Database Queries
Syntax
select <column name1, column name2 ...> from <tablename> where <condition>;
select name from dleobjectderef_data where name = 'Your-FW';
Database Domains
The management database configuration stored in the postgres database is partitioned into several relational database domains:
1. Global Domain
- Exists in the Security Management Deployment
- It is
2. User Domain
- Stores user-modified configuration such as network objects and security policies
- In a Multi-Domain environment, each domain contains a separate user domain type
3. System Domain
- contains administrator data,
- Folders
- Domain
- Trusted GUI Client permission profile
- Management settings
4. Log Domain
- Contains config data of log servers and saved queries for application
Data Domains
- Default data
- threat Prevention Data domains
- Application control
To view postgres:
1. psql_client cpm postgres
2. At the prompt, enter: \d [a list of relations (database objects) displays]
3. To close the psql session, type \q
[Expert@mytestMGMT:0]# fw ver
This is Check Point's software version R80.30 - Build 078
[Expert@mytestMGMT1:0]# psql_client cpm postgres
psql.bin (9.2.4)
Type "help" for help.
cpm=#
cpm=# \d
List of relations
Schema | Name | Type | Owner
--------+----------------------------------------------------------------+----------+----------
public | abstractauditlogbase | table | postgres
public | accessctrlaccessrole | view | postgres
public | accessctrlaccessrole_data | table | postgres
public | accessctrlaccessrole_machines | view | postgres
public | accessctrlaccessrole_machines_data | table | postgres
public | accessctrlaccessrole_networks | view | postgres
public | accessctrlaccessrole_networks_data | table | postgres
public | accessctrlaccessrole_users | view | postgres
public | accessctrlaccessrole_users_data | table | postgres
public | accessctrlautoupdateappsettings | view | postgres
public | accessctrlautoupdateappsettings_data | table | postgres
public | accessctrlrule | view | postgres
public | accessctrlrule_data | table | postgres
public | accessctrlrulebase | view | postgres
public | accessctrlrulebase_data | table | postgres
public | accessctrlsection | view | postgres
public | accessctrlsection_data | table | postgres
public | accessctrlsharedsection | view | postgres
public | accessctrlsharedsection_data | table | postgres
public | accessinlinerulebaseentity | view | postgres
public | accessinlinerulebaseentity_data | table | postgres
public | accesspolicy | view | postgres
public | accesspolicy_data | table | postgres
public | accesspolicycontainer | view | postgres
public | accesspolicycontainer_data | table | postgres
public | accesspolicycontainermirror | view | postgres
public | accesspolicycontainermirror_data | table | postgres
public | accesspolicymirror | view | postgres
public | accesspolicymirror_data | table | postgres
public | activedirectorysettings | view | postgres
public | activedirectorysettings_data | table | postgres
public | addindicatornotificationdetails | view | postgres
public | addindicatornotificationdetails_data | table | postgres
public | addressrange | view | postgres
public | addressrange_data | table | postgres
public | adminsettings | view | postgres
public | adminsettings_data | table | postgres
public | aduifetchprofile | view | postgres
public | aduifetchprofile_data | table | postgres
public | allowedclients | view | postgres
public | allowedclients_data | table | postgres
--More--
public | vpnglobal_data | table | postgres
public | vseclicense | view | postgres
public | vseclicense_data | table | postgres
public | wildcardobject | view | postgres
public | wildcardobject_data | table | postgres
public | worksession | table | postgres
public | worksessionaudit | table | postgres
(964 rows)
cpm=#
cpm-# \d vpncommunity
View "public.vpncommunity"
Column | Type | Modifiers
-----------------------------+-----------------------------+-----------
objid | uuid |
checkpointobjid | uuid |
color | character varying(255) |
comments | text |
customfields | text |
displayname | character varying(255) |
dlesession | smallint |
domainid | uuid |
featurespreset | uuid |
folder | uuid |
icon | character varying(255) |
name | text |
permissionprimitivepresetid | uuid |
readprimitiveid | uuid |
tags | text |
creationtime | timestamp without time zone |
creator | character varying(255) |
deletable | boolean |
lastmodifier | character varying(255) |
lastmodifytime | timestamp without time zone |
newobject | boolean |
renameable | boolean |
validationstate | integer |
opid | bigint |
editingsession | smallint |
deleted | boolean |
cpm-#
cpm=# select name, objid from domainbase_data;
name | objid
------------------+--------------------------------------
Check Point Data | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
System Data | a0eebc99-afed-4ef8-bb6d-fedfedfedfed
IPS Data | a0bbbc99-adef-4ef8-bb6d-cebcebcebceb
APPI Data | 8bf4ac51-2df7-40e1-9bce-bedbedbedbed
LOG Data | 31ab94da-4ab1-5da9-a03d-ddddddaaaaaa
Global | 1e294ce0-367a-11e3-aa6e-0800200c9a66
SMC User | 41e821a0-3720-11e3-aa6e-0800200c9fde
(7 rows)
cpm=#
cpm=# \d dleobjectderef_data
Table "public.dleobjectderef_data"
Column | Type | Modifiers
-----------------------------+------------------------+-----------------------------------------------------
objid | uuid | not null
blobonlyinfo | text |
checkpointobjid | uuid |
cpmitable | character varying(255) |
cpmitype | character varying(255) |
deletewhenorphan | boolean |
dlesession | smallint | default mysessionid()
domainid | uuid |
excludefromsync | boolean | default false
featurespreset | uuid |
folder | uuid |
fwset | text |
ipaddresses | text |
name | text |
nameuniquenessscope | character varying(255) |
objclass | character varying(255) |
objectoverview | text |
permissionprimitivepresetid | uuid |
readprimitiveid | uuid |
tabletype | integer |
validname | boolean |
opid | bigint | not null default nextval('opid_sequence'::regclass)
fromversion | integer |
toversion | integer |
editingsession | smallint | default (-1)
deleted | boolean | default false
domainspreset | uuid |
Indexes:
"dleobjectderef_data_pkey" PRIMARY KEY, btree (opid)
"dleobjectderef_data_chkid_dom_idx" btree (checkpointobjid, domainid) WHERE checkpointobjid IS NOT NULL
"dleobjectderef_data_cpmitable_index" btree (cpmitable)
"dleobjectderef_data_cpmitype_index" btree (cpmitype)
"dleobjectderef_data_dlesession_excludefromsync_objclass_index" btree (objclass, dlesession, excludefromsync) WHERE objclass IS NOT NULL
"dleobjectderef_data_dlesession_index" btree (dlesession)
"dleobjectderef_data_domainspreset_idx" btree (domainspreset) WHERE domainspreset IS NULL
"dleobjectderef_data_folder_index" btree (folder)
"dleobjectderef_data_name_index" btree (name) WHERE name IS NOT NULL
"dleobjectderef_data_name_lower_index" btree (lower(name))
"dleobjectderef_data_objid_index" btree (objid)
"dleobjectderef_data_table_and_name_idx" btree (cpmitable, name) WHERE cpmitable IS NOT NULL AND name IS NOT NULL
"dleobjectderef_data_validname_index" btree (validname) WHERE validname = false
"dleobjectderef_editing_session_index" btree (editingsession) WHERE editingsession <> (-1)
Check constraints:
"rev_constraint" CHECK (dlesession > 0 AND fromversion IS NULL AND toversion IS NULL OR (dlesession = 0 OR dlesession = (-1)) AND fromversion IS NOT NULL AND toversion IS NOT NULL)
Triggers:
object_create BEFORE INSERT ON dleobjectderef_data FOR EACH ROW EXECUTE PROCEDURE create_object_dleobjectderef_data()
object_update BEFORE DELETE OR UPDATE ON dleobjectderef_data FOR EACH ROW EXECUTE PROCEDURE update_object_dleobjectderef_data()
cpm=#
cpm=# select name, objid, domainid from dleobjectderef_data where domainid ='a0bbbc99-adef-4ef8-bb6d-defdefdefdef' and name like '%tcp%';
name | objid | domainid
---------------------------------------------+--------------------------------------+--------------------------------------
unknown_tcp_protocol | b789287b-396d-47e2-b710-c6f1f6b4a35a | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
unknown_protocol_tcp | 8e3e95ae-42f0-405f-9a15-658656e4b77e | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
IKE_tcp | 97aeb3af-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
snmp-tcp | 7af4639a-f103-47fe-96f7-b652f7b34ad9 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
nfsd-tcp | 97aeb3b9-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
tcp-high-ports | 97aeb3dd-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477 | a936bbac-ebc3-4f18-b3cc-a63365f07477 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
echo-tcp | 97aeb3f7-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
domain-tcp | 97aeb3f9-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
discard-tcp | 97aeb3fd-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
time-tcp | 97aeb3ff-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
daytime-tcp | 97aeb401-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
ntp-tcp | 97aeb403-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
pptp-tcp | 97aeb425-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
sip-tcp | b11890a6-2700-495a-8c99-914d31714f3a | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
sip_any-tcp | 5aa6d21c-0cc8-4478-b3a3-2206c2da6d66 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
(16 rows)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='MGMT';
objid | objclass | domainid | dlesession
-------+----------+----------+------------
(0 rows)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='IKE_tcp';
objid | objclass | domainid | dlesession
--------------------------------------+-----------------------------------------------------+--------------------------------------+------------
97aeb3af-9aea-11d5-bd16-0090272ccb30 | com.checkpoint.objects.classes.dummy.CpmiTcpService | a0bbbc99-adef-4ef8-bb6d-defdefdefdef | 0
(1 row)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='Mgmt';
objid | objclass | domainid | dlesession
--------------------------------------+--------------------------------------------------------------------+--------------------------------------+------------
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
f6a96fdd-55da-4987-9642-a45647cc00fb | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f6a96fdd-55da-4987-9642-a45647cc00fb | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
53be0b02-e0cf-433d-9f52-4127c09ba1d4 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
a5429dfa-8b0c-4a60-a6be-f05d13d21e1c | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
36c61429-2cbd-4d42-a7a4-0d59f6c03cfe | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
36c61429-2cbd-4d42-a7a4-0d59f6c03cfe | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
f90f5aad-0ebd-4f0d-b71e-242253e8e434 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f90f5aad-0ebd-4f0d-b71e-242253e8e434 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
44747ccb-6f2e-48b6-82ef-400a7df57929 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
2a841864-d42e-4620-9995-e41021096a4f | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f03029f5-f23c-46ae-8cfe-6c5cf1d230ff | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
24504319-8b51-45a0-8d56-27ce39ccaa65 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
308c0e17-a074-40b3-a62d-f3d034b77e52 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
d722337f-ee8c-47ab-b36c-e582d3bea88e | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
b16a8c5d-596c-4d6a-b9dc-2e0e6f6ce9b6 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
1e08d97c-dd2e-4eb9-b60f-8e39f9bdd49b | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
a59524fb-8237-49db-805b-91ab353f5d03 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
(26 rows)
cpm=#
cpm-# \q
[Expert@mytestMGMT:0]#
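The name lookups from the session above, combined into one read-only query that also resolves each object's domain name; this is an added example, not part of the original post. All table and column names come from the \d listings on this page, and the join assumes that dleobjectderef_data.domainid holds the objid of a domainbase_data row, which the UUIDs in the output above suggest.

```sql
-- Added example, not from the original post. Read-only: nothing is written to cpm.
begin transaction read only;

select d.name   as domain_name,
       o.name   as object_name,
       o.objclass,
       o.objid,
       count(*) as stored_rows      -- one objid can appear in several rows (see the 'Mgmt' output)
from dleobjectderef_data o
join domainbase_data d
  on d.objid = o.domainid           -- assumption: domainid holds the objid of a domainbase_data row
where lower(o.name) = lower('Mgmt') -- string comparison is case-sensitive: 'MGMT' matched 0 rows above
  and o.deleted is not true         -- skip rows flagged as deleted
group by d.name, o.name, o.objclass, o.objid
order by d.name, o.objclass, o.objid;

rollback;
```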
To view the monitoring database segment:
------------------
1. psql_client monitoring postgres
[Expert@myfwMGMT:0]# psql_client monitoring postgres
psql.bin (9.2.4)
Type "help" for help.
monitoring=# help
You are using psql, the command-line interface to PostgreSQL.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands name query
\q to quit
monitoring=#
Solr
- Solr is a search engine and indexer written in Java.
- Real-time indexing and full-text search capability.
- Contains a full clone of all PostgreSQL data.
- It generates indexes of the data for quick and easy search queries.
- Object information from both the management database and log servers is stored in Solr.
- The management server runs an instance of Solr via CPM. An additional instance runs for indexing of the log server.
[Expert@myfwMGMT]# ps -efww | grep SOLR
admin 2286 24466 0 12:35 pts/2 00:00:00 grep --color=auto SOLR
admin 13557 7861 0 Dec09 ? 00:34:30 /opt/CPshrd-R80.30/jre_64/bin/java -D_CPM_SOLR=TRUE -Xmx512m -Xms64m -Xgcpolicy:optavgpause -Djava.io.tmpdir=/opt/CPsuite-R80.30/fw1/tmp -Xaggressive -Xshareclasses:none -Xdump:heap:events=gpf+user -Xdump:directory=/var/log/dump/usermode -Xdump:tool:none -Xdump:tool:events=gpf+abort+traceassert+corruptcache,priority=1,range=1..0,exec=javaCompress.sh CPM_SOLR %pid -Xdump:tool:events=systhrow,filter=java/lang/OutOfMemoryError,priority=1,range=1..0,exec=javaCompress.sh CPM_SOLR %pid -Xdump:tool:events=throw,filter=java/lang/OutOfMemoryError,priority=1,exec=kill -9 %pid -Dsolr.solr.home=/opt/CPsuite-R80.30/fw1/Solr/solr/ -DNGM.SOLR.LOG.DIR=/opt/CPsuite-R80.30/fw1/log -Djava.util.logging.config.file=/opt/CPsuite-R80.30/fw1/Solr/etc/logging.properties -DSTART=/opt/CPsuite-R80.30/fw1/Solr/start.config -Djetty.home=/opt/CPsuite-R80.30/fw1/Solr/ -DSTOP.KEY=checkpointkey -DSTOP.PORT=8982 -Dpath=/opt/CPsuite-R80.30/fw1/cpm-server/java_is.jar:/opt/CPsuite-R80.30/fw1/cpm-server/java_sic.jar:/opt/CPshrd-R80.30/jars/jetty_assist.jar -jar /opt/CPsuite-R80.30/fw1/Solr/start.jar
[Expert@myfwMGMT]#
Core Partitions
Solr has 7 core partitions; each is considered a data unit.
- CPM_0_Active - Contains SMC_User domain, System domain information from both public data and private session
- CPM_0_Revision - Contains revision and public data
- CPM_Global_A - Contains CP_Data log, APPI, IPS, Global domain information for both public data and private session
- CPM_Global_R - Contains Global revision and public data
- CPM_0_Log - Contains log data; Solr has 2 of these cores
- CPM_Global_M - Contains statuses of SmartView
- New revisions are transferred from the active core to the revision core once a day at midnight
[Expert@myfwmgmt:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 7408 E 1 [12:50:56] 9/12/2019 N cpviewd
CPVIEWS 7411 E 1 [12:50:56] 9/12/2019 N cpview_services
CPD 7424 E 1 [12:50:56] 9/12/2019 Y cpd
FWD 7533 E 1 [12:51:01] 9/12/2019 N fwd -n
FWM 7536 E 1 [12:51:01] 9/12/2019 N fwm
STPR 7544 E 1 [12:51:01] 9/12/2019 N status_proxy
CLOUDGUARD 7569 E 1 [12:51:02] 9/12/2019 N vsec_controller_start
SOLR 7761 E 1 [12:51:05] 9/12/2019 N java_solr /opt/CPrt-R80.30/conf/jetty.xml
RFL 7801 E 1 [12:51:05] 9/12/2019 N LogCore
SMARTVIEW 7837 E 1 [12:51:06] 9/12/2019 N SmartView
CPM 7861 E 1 [12:51:06] 9/12/2019 N /opt/CPsuite-R80.30/fw1/scripts/cpm.sh -s
INDEXER 7938 E 1 [12:51:07] 9/12/2019 N /opt/CPrt-R80.30/log_indexer/log_indexer
SMARTLOG_SERVER 8009 E 1 [12:51:08] 9/12/2019 N /opt/CPSmartLog-R80.30/smartlog_server
DASERVICE 25955 E 1 [06:54:42] 10/12/2019 N DAService_script
LPD 29083 E 1 [12:53:30] 9/12/2019 N lpd
CPSM 29472 E 1 [12:53:45] 9/12/2019 N cpstat_monitor
AUTOUPDATER 29477 E 1 [12:53:46] 9/12/2019 N AutoUpdaterService.sh
[Expert@myfwmgmt0]#
cpm=# select name, color, ipaddress4 from CpNetworkObject_data where name='MY-FW102';
cpm=# \d CpNetworkObject_data
Table "public.cpnetworkobject_data"
Column | Type | Modifiers
---------------------------------------+-----------------------------+-----------------------------------------------------
objid | uuid | not null
active | boolean |
checkpointobjid | uuid |
color | character varying(255) |
comments | text |
cpversion | uuid |
customfields | text |
displayname | character varying(255) |
dlesession | smallint | default mysessionid()
domainid | uuid |
featurespreset | uuid |
folder | uuid |
hardware | uuid |
icon | character varying(255) |
ipaddress4 | character varying(255) |
ipaddress6 | character varying(255) |
legacyobject | uuid |
mds | boolean |
name | character varying(255) |
objecttype | uuid |
os | uuid |
permissionprimitivepresetid | uuid |
platform | uuid |
readprimitiveid | uuid |
sicname | character varying(255) |
tags | text |
truststate | integer |
acceptsyslogmessages | boolean |
acctupdateinterval | integer |
alertonlowspace | boolean |
alertthreshold | integer |
alertunits | integer |
citrixicaapplicationdetection | boolean |
cleanuponlowspace | boolean |
cleanupthreshold | integer |
cleanupunits | integer |
daily_maintenance_at_least_script | character varying(255) |
daily_maintenance_script | character varying(255) |
dlpblobdeleteabovevaluepercentage | integer |
dlpblobdeleteonabove | boolean |
dlpblobdeleteonrunscript | boolean |
dlpblobfetchbulksize | integer |
dlpblobfetchinterval | integer |
dlpblobretryinterval | integer |
emergency_script | character varying(255) |
etmlogging | boolean |
forwardevent | boolean |
forwardlogwithoutdelete | boolean |
forwardlogs | boolean |
logforwardschedule | uuid |
logforwardtarget | uuid |
logkeepdaysvalue | integer |
logmaintenanceprofile | uuid |
logswitchbeforeforwarding | boolean |
maintenance_type | character varying(255) |
newlogfileonschedule | uuid |
newlogfileonsizeabove | boolean |
newlogfilethreshold | integer |
packetscapturereserveddiskmetrics | integer |
packetscapturereserveddisksizemb | integer |
packetscapturereserveddisksizepercent | integer |
rejectconnections | boolean |
scripttexttorunbeforecleanup | character varying(255) |
stoploggingonlowspace | boolean |
stoploggingthreshold | integer |
stoploggingunits | integer |
servertype | integer |
first | character varying(255) |
last | character varying(255) |
creationtime | timestamp without time zone |
creator | character varying(255) |
deletable | boolean |
lastmodifier | character varying(255) |
lastmodifytime | timestamp without time zone |
newobject | boolean |
renameable | boolean |
validationstate | integer |
opid | bigint | not null default nextval('opid_sequence'::regclass)
fromversion | integer |
toversion | integer |
editingsession | smallint | default (-1)
deleted | boolean | default false
Indexes:
"cpnetworkobject_data_pkey" PRIMARY KEY, btree (opid)
"cpnetworkobject_data_objid_index" btree (objid)
"cpnetworkobject_editing_session_index" btree (editingsession) WHERE editingsession <> (-1)
Check constraints:
"rev_constraint" CHECK (dlesession > 0 AND fromversion IS NULL AND toversion IS NULL OR (dlesession = 0 OR dlesession = (-1)) AND fromversion IS NOT NULL AND toversion IS NOT NULL)
Triggers:
object_create BEFORE INSERT ON cpnetworkobject_data FOR EACH ROW EXECUTE PROCEDURE create_object_cpnetworkobject_data()
object_update BEFORE DELETE OR UPDATE ON cpnetworkobject_data FOR EACH ROW EXECUTE PROCEDURE update_object_cpnetworkobject_data()
cpm=#
NAT
-----
Port Address Translation
5000 ports for a single IP (after that is port exhaustion)
Table limit of 10K entries (firewall flushing table)
Automatic
Manual
Destination NAT on client side
fwx cache