R80.10: fw monitor – new inspection points (eE)

Earlier today a colleague found out that when he used fw monitor on R80.10 he saw two extra inspection points in the output. For years we’ve all seen iIoO but since R80.10 there is eE too! We’ve tried to find documentation about it but basically this is still undocumented.


[vs_0][fw_1] eth1:i[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth1:I[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth3:o[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_1] eth3:O[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_0] eth3:e[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443
[vs_0][fw_0] eth3:E[212]: 192.168.103.65 -> 10.11.11.23 (TCP) len=212 id=28330
TCP: 3421 -> 443

We expected the e’s would have something to do with encryption.

Continue reading “R80.10: fw monitor – new inspection points (eE)”

R80.10: Automatic Proxy ARP with Manual NAT rules

When releases like R80.10 hit the spotlights there will always be new features that don’t get immediate attention.

Something that changes with R80.10 is the new ability to enable automatic creation of Proxy ARP for manual NAT rules. Sounds nice, right?

Previously, when you used manual NAT rules with pre-R80.10 Security Gateways, you needed to either add proxy ARP through CLISH or by adding it to local.arp as described in sk30197.  That’s an article every engineer might have dealt with in the past.

Continue reading “R80.10: Automatic Proxy ARP with Manual NAT rules”

The CPUG Papers

A new exciting initiative has been introduced earlier this week: The CPUG Papers. As the authors stated themselves it’s going to be a comprehensive resource, providing clearly written, referenceable documentation that falls between the wonderful discussion information on the CPUG forums, and the detailed technical documentation provided by Check Point.

Continue reading “The CPUG Papers”