
TOPIC: Packet Flow across the firewall

Packet Flow across the firewall 13 years 8 months ago #8363

  • Dhruv
Hi guys...
I'm new to the Checkpoint firewall and I want to know how the packet is treated when it reaches the EM and what all things are checked in which order.

I've worked with NS firewall and in that the packet flow is in the below mentioned order:
1. Existing session lookup.
2. Policies related to Static Mapping
3. Routing
4. Policies

Of course the Checkpoint firewall must also have such a packet flow. Can anyone tell me what the order of checking is....


Checkpoint 13 years 8 months ago #8365

I've just been on the Checkpoint Admin course and have a diagram in the book that explains this completely. The snag is that the book is at home! I'll bring it into work and post the details next week

Book 13 years 8 months ago #8464

Aarrgh! I'm back in the office but I forgot the book again. Must be something to do with age...
Will try to remember tomorrow

Packet Flow 13 years 8 months ago #8487

Okay, TheBishop comes good at last...
Here's the description of packet flow through the inspection engine as taken from the Firewall-1 training course:

1) Packet comes in
2) Address spoofed? If yes, discard
3) Apply any NAT transformation
4) IP options flags set? If yes, discard
5) Does packet match first rule?
- if yes, do what rule says then move on to consider next packet
- if no, move on to next rule
6) If no more rules left, discard the packet

a) Although NAT generally occurs at step 3) as shown, you can configure it to happen last of all, after the packet has been processed through the rules. If you do that, it will have to pass through the rules again to see if they allow the new packet to be output. Most people don't set it up this way as it's confusing and harder to work with
b) Note that there are user defined rules and implicit or hidden rules created by the firewall. It is the entire rulebase, which includes both, that is checked from absolute top to absolute bottom
c) Order of rules in the rulebase makes all the difference
d) The firewall can discard (silently drop) or reject (send back an ICMP rejection)
e) There is an implied (can't see it anywhere but it exists) 'drop all' "rule" at the end of the rulebase. But most people create their own explicit "real" rule for this because you can't log from the implied rule

Hope that helps!
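
A small model of the flow as listed in the post above, showing first-match ordering and the unlogged implied drop. This is an added example, not Check Point code or course material; the networks, NAT mapping, rule names and the `inspect` function are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")      # constructed internal range
NAT = {"203.0.113.10": "10.0.0.10"}      # constructed static destination NAT

@dataclass
class Packet:
    iface: str                # "internal" or "external"
    src: str
    dst: str
    dport: int
    ip_options: bool = False

@dataclass
class Rule:
    name: str
    src: str                  # CIDR
    dst: str                  # CIDR
    dport: Optional[int]      # None matches any port
    action: str               # "accept", "drop" (silent) or "reject" (ICMP sent back)
    log: bool = True

def inspect(pkt, rulebase, log):
    """Return (verdict, deciding check or rule), following steps 1-6 of the post."""
    # Step 2: the source address must belong to the side the packet arrived on.
    if (ip_address(pkt.src) in INTERNAL) != (pkt.iface == "internal"):
        return "drop", "anti-spoofing"
    # Step 3: NAT before the rulebase (the default ordering given in the post).
    dst = NAT.get(pkt.dst, pkt.dst)
    # Step 4: packets carrying IP options are discarded.
    if pkt.ip_options:
        return "drop", "ip-options"
    # Step 5: rulebase is read top to bottom and the first match decides.
    for r in rulebase:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.dport in (None, pkt.dport)):
            if r.log:
                log.append((r.name, r.action, pkt.src, dst, pkt.dport))
            return r.action, r.name
    # Step 6 and note e: the implied drop applies and writes no log entry.
    return "drop", "implied-drop"

ANY = "0.0.0.0/0"                        # the three rules below are constructed
WEB = Rule("allow-web", ANY, "10.0.0.10/32", 80, "accept")
BLOCK = Rule("block-scanner", "198.51.100.0/24", ANY, None, "reject")
CLEANUP = Rule("cleanup", ANY, ANY, None, "drop")
```

Evaluating the same packet against `[WEB, BLOCK, CLEANUP]` and `[BLOCK, WEB, CLEANUP]` gives different verdicts, and a packet that matches nothing only appears in `log` when the explicit `CLEANUP` rule is present.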

CheckPoint packet flow 13 years 8 months ago #8503

Hi guys,
The explanation in the Check Point book is not totally correct, or at least a very simplistic explanation. I've worked for years with the product and made some slides myself.

If you get used to the "fw monitor" command you can easily understand how everything works. You can dump the output of fw monitor into a file with the -o switch. Then you can read it with Ethereal or fwethereal (somewhere on the publicly accessible Check Point website)....

Hope the info is useful.

Checkpoint 13 years 8 months ago #8514

xxradar, thanks for making those files available, there is some meaty info in there which I will have a chew on. The info I posted is straight out of the book that you get when you go on the Checkpoint Firewall Admin-1 course. Always goes to show there is more to every subject than the bits they tell you about...