Main Topics
https://www.ankenbrand24.de/index.php/articles/articles-check-point/
https://community.checkpoint.com/t5/General-Topics/R80-x-Architecture-and-Performance-Tuning-Link-Collection/m-p/47883#M9336
1. Advanced Database Management
2. Kernel Mode and User Mode Troubleshooting
3. SmartConsole and Policy Management
4. Advanced Network Address Translation
5. VPN Troubleshooting
6. Troubleshooting Access Control Policies
7. Troubleshooting Threat Prevention Policies
8. Troubleshooting IPS
9. Optimization and Tuning
10. Advanced Clustering
11. Acceleration Debugging
12. IPv6
Appendix A – Questions and Answers
Appendix B - Critical Devices Failovers and Solutions
Subject
ClusterXL
CoreXL
SecureXL
IPS ATGR
80 - Questions
80% of questions Training
SecureXL accelerates packets from interface to interface for known traffic, thus saving CPU usage. CoreXL adds the ability to run multiple inspection cores concurrently.
Check Point Processes and Daemons sk97638
How to modify URL Filtering cache size sk90422
Debug Policy Verification sk33438
IPS sk60395
1. Advanced Database Management
PostgreSQL
- 2 different segments
- CPM and Monitoring
CPM
- Central database
- Contains all objects in database
Monitoring Segment
- Contains views (status written from queries)
The PostgreSQL interactive shell is psql_client.
When typing a command, cpm is the name of the database, and postgres is the connection username.
To view postgres:
1. psql_client cpm postgres
2. At the prompt, enter: \d [a list of relations (database objects) displays]
3. To close the psql session, type \q
To view monitoring database segment:
1. psql_client monitoring postgres
Postgres Tables
Tables are the primary storage objects for data in a postgres database.
Tables consist of rows and columns which hold data.
Each table consists of the following columns or fields:
- Schema (collection of database objects (tables) associated with a particular database name)
- Name (the name assigned to the database object)
- Type (type of database object used to store or reference the data)
- Owner (schema owner or owner of the related group of objects)
Objects in the database are represented in 2 different tables
dleobjectderef_data
CpNetworkObject_data
Database Queries
Syntax
select <column name1, column name2 ...> from <tablename> where <condition>;
select name from dleobjectderef_data where name = 'Your-FW';
Database Domains
The management database configuration stored in the postgres database is partitioned into several relational database domains:
1. Global Domain
- Exists in the Security Management Deployment
- It is
2. User Domain
- Stores user-modified configuration such as network objects and security policies
- In a Multi-Domain environment, each domain contains a separate user domain type
3. System Domain
- contains administrator data,
- Folders
- Domain
- Trusted GUI Client permission profile
- Management settings
4. Log Domain
- Contains config data of log servers and saved queries for application
Data Domains
- Default data
- Threat Prevention data domains
- Application control
To view postgres:
1. psql_client cpm postgres
2. At the prompt, enter: \d [a list of relations (database objects) displays]
3. To close the psql session, type \q
[Expert@mytestMGMT:0]# fw ver
This is Check Point's software version R80.30 - Build 078
[Expert@mytestMGMT1:0]# psql_client cpm postgres
psql.bin (9.2.4)
Type "help" for help.
cpm=#
cpm=# \d
List of relations
Schema | Name | Type | Owner
--------+----------------------------------------------------------------+----------+----------
public | abstractauditlogbase | table | postgres
public | accessctrlaccessrole | view | postgres
public | accessctrlaccessrole_data | table | postgres
public | accessctrlaccessrole_machines | view | postgres
public | accessctrlaccessrole_machines_data | table | postgres
public | accessctrlaccessrole_networks | view | postgres
public | accessctrlaccessrole_networks_data | table | postgres
public | accessctrlaccessrole_users | view | postgres
public | accessctrlaccessrole_users_data | table | postgres
public | accessctrlautoupdateappsettings | view | postgres
public | accessctrlautoupdateappsettings_data | table | postgres
public | accessctrlrule | view | postgres
public | accessctrlrule_data | table | postgres
public | accessctrlrulebase | view | postgres
public | accessctrlrulebase_data | table | postgres
public | accessctrlsection | view | postgres
public | accessctrlsection_data | table | postgres
public | accessctrlsharedsection | view | postgres
public | accessctrlsharedsection_data | table | postgres
public | accessinlinerulebaseentity | view | postgres
public | accessinlinerulebaseentity_data | table | postgres
public | accesspolicy | view | postgres
public | accesspolicy_data | table | postgres
public | accesspolicycontainer | view | postgres
public | accesspolicycontainer_data | table | postgres
public | accesspolicycontainermirror | view | postgres
public | accesspolicycontainermirror_data | table | postgres
public | accesspolicymirror | view | postgres
public | accesspolicymirror_data | table | postgres
public | activedirectorysettings | view | postgres
public | activedirectorysettings_data | table | postgres
public | addindicatornotificationdetails | view | postgres
public | addindicatornotificationdetails_data | table | postgres
public | addressrange | view | postgres
public | addressrange_data | table | postgres
public | adminsettings | view | postgres
public | adminsettings_data | table | postgres
public | aduifetchprofile | view | postgres
public | aduifetchprofile_data | table | postgres
public | allowedclients | view | postgres
public | allowedclients_data | table | postgres
--More--
public | vpnglobal_data | table | postgres
public | vseclicense | view | postgres
public | vseclicense_data | table | postgres
public | wildcardobject | view | postgres
public | wildcardobject_data | table | postgres
public | worksession | table | postgres
public | worksessionaudit | table | postgres
(964 rows)
cpm=#
cpm-# \d vpncommunity
View "public.vpncommunity"
Column | Type | Modifiers
-----------------------------+-----------------------------+-----------
objid | uuid |
checkpointobjid | uuid |
color | character varying(255) |
comments | text |
customfields | text |
displayname | character varying(255) |
dlesession | smallint |
domainid | uuid |
featurespreset | uuid |
folder | uuid |
icon | character varying(255) |
name | text |
permissionprimitivepresetid | uuid |
readprimitiveid | uuid |
tags | text |
creationtime | timestamp without time zone |
creator | character varying(255) |
deletable | boolean |
lastmodifier | character varying(255) |
lastmodifytime | timestamp without time zone |
newobject | boolean |
renameable | boolean |
validationstate | integer |
opid | bigint |
editingsession | smallint |
deleted | boolean |
cpm-#
cpm=# select name, objid from domainbase_data;
name | objid
------------------+--------------------------------------
Check Point Data | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
System Data | a0eebc99-afed-4ef8-bb6d-fedfedfedfed
IPS Data | a0bbbc99-adef-4ef8-bb6d-cebcebcebceb
APPI Data | 8bf4ac51-2df7-40e1-9bce-bedbedbedbed
LOG Data | 31ab94da-4ab1-5da9-a03d-ddddddaaaaaa
Global | 1e294ce0-367a-11e3-aa6e-0800200c9a66
SMC User | 41e821a0-3720-11e3-aa6e-0800200c9fde
(7 rows)
cpm=#
cpm=# \d dleobjectderef_data
Table "public.dleobjectderef_data"
Column | Type | Modifiers
-----------------------------+------------------------+-----------------------------------------------------
objid | uuid | not null
blobonlyinfo | text |
checkpointobjid | uuid |
cpmitable | character varying(255) |
cpmitype | character varying(255) |
deletewhenorphan | boolean |
dlesession | smallint | default mysessionid()
domainid | uuid |
excludefromsync | boolean | default false
featurespreset | uuid |
folder | uuid |
fwset | text |
ipaddresses | text |
name | text |
nameuniquenessscope | character varying(255) |
objclass | character varying(255) |
objectoverview | text |
permissionprimitivepresetid | uuid |
readprimitiveid | uuid |
tabletype | integer |
validname | boolean |
opid | bigint | not null default nextval('opid_sequence'::regclass)
fromversion | integer |
toversion | integer |
editingsession | smallint | default (-1)
deleted | boolean | default false
domainspreset | uuid |
Indexes:
"dleobjectderef_data_pkey" PRIMARY KEY, btree (opid)
"dleobjectderef_data_chkid_dom_idx" btree (checkpointobjid, domainid) WHERE checkpointobjid IS NOT NULL
"dleobjectderef_data_cpmitable_index" btree (cpmitable)
"dleobjectderef_data_cpmitype_index" btree (cpmitype)
"dleobjectderef_data_dlesession_excludefromsync_objclass_index" btree (objclass, dlesession, excludefromsync) WHERE objclass IS NOT NULL
"dleobjectderef_data_dlesession_index" btree (dlesession)
"dleobjectderef_data_domainspreset_idx" btree (domainspreset) WHERE domainspreset IS NULL
"dleobjectderef_data_folder_index" btree (folder)
"dleobjectderef_data_name_index" btree (name) WHERE name IS NOT NULL
"dleobjectderef_data_name_lower_index" btree (lower(name))
"dleobjectderef_data_objid_index" btree (objid)
"dleobjectderef_data_table_and_name_idx" btree (cpmitable, name) WHERE cpmitable IS NOT NULL AND name IS NOT NULL
"dleobjectderef_data_validname_index" btree (validname) WHERE validname = false
"dleobjectderef_editing_session_index" btree (editingsession) WHERE editingsession <> (-1)
Check constraints:
"rev_constraint" CHECK (dlesession > 0 AND fromversion IS NULL AND toversion IS NULL OR (dlesession = 0 OR dlesession = (-1)) AND fromversion IS NOT NULL AND toversion IS NOT NULL)
Triggers:
object_create BEFORE INSERT ON dleobjectderef_data FOR EACH ROW EXECUTE PROCEDURE create_object_dleobjectderef_data()
object_update BEFORE DELETE OR UPDATE ON dleobjectderef_data FOR EACH ROW EXECUTE PROCEDURE update_object_dleobjectderef_data()
cpm=#
cpm=# select name, objid, domainid from dleobjectderef_data where domainid ='a0bbbc99-adef-4ef8-bb6d-defdefdefdef' and name like '%tcp%';
name | objid | domainid
---------------------------------------------+--------------------------------------+--------------------------------------
unknown_tcp_protocol | b789287b-396d-47e2-b710-c6f1f6b4a35a | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
unknown_protocol_tcp | 8e3e95ae-42f0-405f-9a15-658656e4b77e | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
IKE_tcp | 97aeb3af-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
snmp-tcp | 7af4639a-f103-47fe-96f7-b652f7b34ad9 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
nfsd-tcp | 97aeb3b9-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
tcp-high-ports | 97aeb3dd-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
cp_tcp_A936BBAC_EBC3_4F18_B3CC_A63365F07477 | a936bbac-ebc3-4f18-b3cc-a63365f07477 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
echo-tcp | 97aeb3f7-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
domain-tcp | 97aeb3f9-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
discard-tcp | 97aeb3fd-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
time-tcp | 97aeb3ff-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
daytime-tcp | 97aeb401-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
ntp-tcp | 97aeb403-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
pptp-tcp | 97aeb425-9aea-11d5-bd16-0090272ccb30 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
sip-tcp | b11890a6-2700-495a-8c99-914d31714f3a | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
sip_any-tcp | 5aa6d21c-0cc8-4478-b3a3-2206c2da6d66 | a0bbbc99-adef-4ef8-bb6d-defdefdefdef
(16 rows)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='MGMT';
objid | objclass | domainid | dlesession
-------+----------+----------+------------
(0 rows)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='IKE_tcp';
objid | objclass | domainid | dlesession
--------------------------------------+-----------------------------------------------------+--------------------------------------+------------
97aeb3af-9aea-11d5-bd16-0090272ccb30 | com.checkpoint.objects.classes.dummy.CpmiTcpService | a0bbbc99-adef-4ef8-bb6d-defdefdefdef | 0
(1 row)
cpm=#
cpm=# select objid, objclass, domainid, dlesession from dleobjectderef_data where name='Mgmt';
objid | objclass | domainid | dlesession
--------------------------------------+--------------------------------------------------------------------+--------------------------------------+------------
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
f6a96fdd-55da-4987-9642-a45647cc00fb | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f6a96fdd-55da-4987-9642-a45647cc00fb | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
40c772e6-2201-433e-9239-61473f065793 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
53be0b02-e0cf-433d-9f52-4127c09ba1d4 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
a5429dfa-8b0c-4a60-a6be-f05d13d21e1c | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
36c61429-2cbd-4d42-a7a4-0d59f6c03cfe | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
36c61429-2cbd-4d42-a7a4-0d59f6c03cfe | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
f90f5aad-0ebd-4f0d-b71e-242253e8e434 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f90f5aad-0ebd-4f0d-b71e-242253e8e434 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
60ad6c84-460d-401b-a156-d5c22c8ffeb0 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
156afc18-54c0-4738-98c7-e1b973d13d21 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | -1
44747ccb-6f2e-48b6-82ef-400a7df57929 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
2a841864-d42e-4620-9995-e41021096a4f | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
f03029f5-f23c-46ae-8cfe-6c5cf1d230ff | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
24504319-8b51-45a0-8d56-27ce39ccaa65 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
308c0e17-a074-40b3-a62d-f3d034b77e52 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
d722337f-ee8c-47ab-b36c-e582d3bea88e | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
b16a8c5d-596c-4d6a-b9dc-2e0e6f6ce9b6 | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
1e08d97c-dd2e-4eb9-b60f-8e39f9bdd49b | com.checkpoint.management.cdm.objects.interfaces.EthernetInterface | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
a59524fb-8237-49db-805b-91ab353f5d03 | com.checkpoint.management.cdm.objects.network.GatewayNetwork | 41e821a0-3720-11e3-aa6e-0800200c9fde | 0
(26 rows)
cpm=#
cpm-# \q
[Expert@mytestMGMT:0]#
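Added example (not part of the original notes and not Check Point's own material): read-only queries that build on the session above, resolving domainid to a domain name and explaining why one object name returns many rows. They use only the tables and columns visible in the \d output; the aliases o and d and the result column names are arbitrary choices.

```sql
-- Read-only SELECTs for the cpm database (entered at the cpm=# prompt).
-- Table and column names come from the \d output in these notes.
-- Written for the psql 9.2.4 shown above, so CASE is used instead of FILTER.

-- 1. Case-insensitive name lookup with the owning domain resolved to its name.
--    In the session above, name='MGMT' returned 0 rows while name='Mgmt'
--    returned 26: text comparison is case-sensitive. lower(name) matches
--    either spelling and is the expression indexed by
--    dleobjectderef_data_name_lower_index.
SELECT o.name,
       o.objid,
       o.objclass,
       d.name AS domain_name,
       o.dlesession
FROM   dleobjectderef_data AS o
JOIN   domainbase_data     AS d ON d.objid = o.domainid
WHERE  lower(o.name) = lower('MGMT')
ORDER  BY d.name, o.objclass, o.objid, o.dlesession;

-- 2. Collapse the repeated rows: one line per object, counting the rows
--    stored for each dlesession value. Per rev_constraint, rows with
--    dlesession 0 or -1 carry fromversion/toversion; rows with
--    dlesession > 0 have both set to NULL.
SELECT o.objid,
       o.objclass,
       count(*)                                           AS total_rows,
       sum(CASE WHEN o.dlesession = 0  THEN 1 ELSE 0 END) AS session_0_rows,
       sum(CASE WHEN o.dlesession = -1 THEN 1 ELSE 0 END) AS session_minus1_rows,
       sum(CASE WHEN o.dlesession > 0  THEN 1 ELSE 0 END) AS session_gt0_rows,
       min(o.fromversion)                                 AS lowest_fromversion,
       max(o.toversion)                                   AS highest_toversion
FROM   dleobjectderef_data AS o
WHERE  lower(o.name) = lower('Mgmt')
GROUP  BY o.objid, o.objclass
ORDER  BY total_rows DESC, o.objid;

-- 3. Inventory: distinct objects per domain and object class, skipping rows
--    flagged deleted. IS NOT TRUE also keeps rows where deleted is NULL.
SELECT d.name                  AS domain_name,
       o.objclass,
       count(DISTINCT o.objid) AS objects
FROM   dleobjectderef_data AS o
JOIN   domainbase_data     AS d ON d.objid = o.domainid
WHERE  o.deleted IS NOT TRUE
GROUP  BY d.name, o.objclass
ORDER  BY d.name, objects DESC;
```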
To view monitoring database segment:
------------------
1. psql_client monitoring postgres
[Expert@myfwMGMT:0]# psql_client monitoring postgres
psql.bin (9.2.4)
Type "help" for help.
monitoring=# help
You are using psql, the command-line interface to PostgreSQL.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands name query
\q to quit
monitoring=#
Solr
- Solr is a search engine and indexer written in Java
- Real-time indexing and full-text search capability
- Contains a full clone of all PostgreSQL data
- It generates indexes of the data for quick and easy search queries
- Object information from both the management database and log servers is stored in Solr
- The Mgmt server runs an instance of Solr via CPM. An additional instance runs when indexing the log server.
[Expert@myfwMGMT]# ps -efww | grep SOLR
admin 2286 24466 0 12:35 pts/2 00:00:00 grep --color=auto SOLR
admin 13557 7861 0 Dec09 ? 00:34:30 /opt/CPshrd-R80.30/jre_64/bin/java -D_CPM_SOLR=TRUE -Xmx512m -Xms64m -Xgcpolicy:optavgpause -Djava.io.tmpdir=/opt/CPsuite-R80.30/fw1/tmp -Xaggressive -Xshareclasses:none -Xdump:heap:events=gpf+user -Xdump:directory=/var/log/dump/usermode -Xdump:tool:none -Xdump:tool:events=gpf+abort+traceassert+corruptcache,priority=1,range=1..0,exec=javaCompress.sh CPM_SOLR %pid -Xdump:tool:events=systhrow,filter=java/lang/OutOfMemoryError,priority=1,range=1..0,exec=javaCompress.sh CPM_SOLR %pid -Xdump:tool:events=throw,filter=java/lang/OutOfMemoryError,priority=1,exec=kill -9 %pid -Dsolr.solr.home=/opt/CPsuite-R80.30/fw1/Solr/solr/ -DNGM.SOLR.LOG.DIR=/opt/CPsuite-R80.30/fw1/log -Djava.util.logging.config.file=/opt/CPsuite-R80.30/fw1/Solr/etc/logging.properties -DSTART=/opt/CPsuite-R80.30/fw1/Solr/start.config -Djetty.home=/opt/CPsuite-R80.30/fw1/Solr/ -DSTOP.KEY=checkpointkey -DSTOP.PORT=8982 -Dpath=/opt/CPsuite-R80.30/fw1/cpm-server/java_is.jar:/opt/CPsuite-R80.30/fw1/cpm-server/java_sic.jar:/opt/CPshrd-R80.30/jars/jetty_assist.jar -jar /opt/CPsuite-R80.30/fw1/Solr/start.jar
[Expert@myfwMGMT]#
Core Partitions
Solr has 7 core partitions; each is considered a data unit.
- CPM_0_Active - Contains SMC_User Domain, System Domain information from both public data and private session
- CPM_0_Revision - Contains revision and public data
- CPM_Global_A - Contains CP_Data log, APPI, IPS, Global Domain information for both public data and private session
- CPM_Global_R - Contains Global revision and public data
- CPM_0_Log - Contains log data; Solr has 2 of these cores
- CPM_Global_M - Contains statuses of SmartView
- New revisions are transferred from the active core to the revision core once a day at midnight
[Expert@myfwmgmt:0]# cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
CPVIEWD 7408 E 1 [12:50:56] 9/12/2019 N cpviewd
CPVIEWS 7411 E 1 [12:50:56] 9/12/2019 N cpview_services
CPD 7424 E 1 [12:50:56] 9/12/2019 Y cpd
FWD 7533 E 1 [12:51:01] 9/12/2019 N fwd -n
FWM 7536 E 1 [12:51:01] 9/12/2019 N fwm
STPR 7544 E 1 [12:51:01] 9/12/2019 N status_proxy
CLOUDGUARD 7569 E 1 [12:51:02] 9/12/2019 N vsec_controller_start
SOLR 7761 E 1 [12:51:05] 9/12/2019 N java_solr /opt/CPrt-R80.30/conf/jetty.xml
RFL 7801 E 1 [12:51:05] 9/12/2019 N LogCore
SMARTVIEW 7837 E 1 [12:51:06] 9/12/2019 N SmartView
CPM 7861 E 1 [12:51:06] 9/12/2019 N /opt/CPsuite-R80.30/fw1/scripts/cpm.sh -s
INDEXER 7938 E 1 [12:51:07] 9/12/2019 N /opt/CPrt-R80.30/log_indexer/log_indexer
SMARTLOG_SERVER 8009 E 1 [12:51:08] 9/12/2019 N /opt/CPSmartLog-R80.30/smartlog_server
DASERVICE 25955 E 1 [06:54:42] 10/12/2019 N DAService_script
LPD 29083 E 1 [12:53:30] 9/12/2019 N lpd
CPSM 29472 E 1 [12:53:45] 9/12/2019 N cpstat_monitor
AUTOUPDATER 29477 E 1 [12:53:46] 9/12/2019 N AutoUpdaterService.sh
[Expert@myfwmgmt0]#
cpm=# select name, color, ipaddress4 from CpNetworkObject_data where name='MY-FW102';
cpm=# \d CpNetworkObject_data
Table "public.cpnetworkobject_data"
Column | Type | Modifiers
---------------------------------------+-----------------------------+-----------------------------------------------------
objid | uuid | not null
active | boolean |
checkpointobjid | uuid |
color | character varying(255) |
comments | text |
cpversion | uuid |
customfields | text |
displayname | character varying(255) |
dlesession | smallint | default mysessionid()
domainid | uuid |
featurespreset | uuid |
folder | uuid |
hardware | uuid |
icon | character varying(255) |
ipaddress4 | character varying(255) |
ipaddress6 | character varying(255) |
legacyobject | uuid |
mds | boolean |
name | character varying(255) |
objecttype | uuid |
os | uuid |
permissionprimitivepresetid | uuid |
platform | uuid |
readprimitiveid | uuid |
sicname | character varying(255) |
tags | text |
truststate | integer |
acceptsyslogmessages | boolean |
acctupdateinterval | integer |
alertonlowspace | boolean |
alertthreshold | integer |
alertunits | integer |
citrixicaapplicationdetection | boolean |
cleanuponlowspace | boolean |
cleanupthreshold | integer |
cleanupunits | integer |
daily_maintenance_at_least_script | character varying(255) |
daily_maintenance_script | character varying(255) |
dlpblobdeleteabovevaluepercentage | integer |
dlpblobdeleteonabove | boolean |
dlpblobdeleteonrunscript | boolean |
dlpblobfetchbulksize | integer |
dlpblobfetchinterval | integer |
dlpblobretryinterval | integer |
emergency_script | character varying(255) |
etmlogging | boolean |
forwardevent | boolean |
forwardlogwithoutdelete | boolean |
forwardlogs | boolean |
logforwardschedule | uuid |
logforwardtarget | uuid |
logkeepdaysvalue | integer |
logmaintenanceprofile | uuid |
logswitchbeforeforwarding | boolean |
maintenance_type | character varying(255) |
newlogfileonschedule | uuid |
newlogfileonsizeabove | boolean |
newlogfilethreshold | integer |
packetscapturereserveddiskmetrics | integer |
packetscapturereserveddisksizemb | integer |
packetscapturereserveddisksizepercent | integer |
rejectconnections | boolean |
scripttexttorunbeforecleanup | character varying(255) |
stoploggingonlowspace | boolean |
stoploggingthreshold | integer |
stoploggingunits | integer |
servertype | integer |
first | character varying(255) |
last | character varying(255) |
creationtime | timestamp without time zone |
creator | character varying(255) |
deletable | boolean |
lastmodifier | character varying(255) |
lastmodifytime | timestamp without time zone |
newobject | boolean |
renameable | boolean |
validationstate | integer |
opid | bigint | not null default nextval('opid_sequence'::regclass)
fromversion | integer |
toversion | integer |
editingsession | smallint | default (-1)
deleted | boolean | default false
Indexes:
"cpnetworkobject_data_pkey" PRIMARY KEY, btree (opid)
"cpnetworkobject_data_objid_index" btree (objid)
"cpnetworkobject_editing_session_index" btree (editingsession) WHERE editingsession <> (-1)
Check constraints:
"rev_constraint" CHECK (dlesession > 0 AND fromversion IS NULL AND toversion IS NULL OR (dlesession = 0 OR dlesession = (-1)) AND fromversion IS NOT NULL AND toversion IS NOT NULL)
Triggers:
object_create BEFORE INSERT ON cpnetworkobject_data FOR EACH ROW EXECUTE PROCEDURE create_object_cpnetworkobject_data()
object_update BEFORE DELETE OR UPDATE ON cpnetworkobject_data FOR EACH ROW EXECUTE PROCEDURE update_object_cpnetworkobject_data()
cpm=#
NAT
-----
Port Address Translation
5000 ports for a single IP (after that is port exhaustion)
Table limit of 10K entries (firewall flushing table)
Automatic
Manual
destination NAT on client Side
fwx cache