Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0 What are State Tables?
Advanced Technical Reference Guide 4.1 June 2000 141
State Tables for VPN-1/FireWall-1 4.0
Note: The information in this appendix is updated to VPN-1/FireWall-1 4.0 SP6. The information for
VPN-1/FireWall-1 4.1 and 4.1 SP1 (Check Point 2000) is virtually the same, apart from the addition of new
tables in the later versions.
What are State Tables?
State tables are used to keep state information which the FireWall-1 virtual machine (and, in several cases,
other components of FireWall-1) needs in order to correctly inspect the packet. The tables are actually the
“memory” of the virtual machine in the kernel, and are the key component in Check Point’s Stateful Inspection
technology.
A discussion of Stateful Inspection can be found in the VPN-1/FireWall-1 Administration Guide (versions 4.1
and Check Point 2000) and in the Architecture and Administration Guide (version 4.0).
The tables are implemented as dynamic hash tables in the kernel memory. All field values are in hexadecimal,
apart from the timeout value at the end of the entry (where present).
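An added example, not taken from the guide: a Python decoder for the rule stated above (hexadecimal fields, decimal timeout at the end of the entry where present). The `<key; values; remaining/total>` entry layout, the meaning of the five key fields, and the sample line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample entry. The "<key; values; remaining/total>" layout and
# the meaning of the five key fields are assumptions, not from the guide.
SAMPLE = ("<c0a80a01, 00000401, c0a80a02, 00000017, 00000006; "
          "00000000, 00005002; 3567/3600>")

ENTRY_RE = re.compile(r"^<([^<>]*)>$")
TIMEOUT_RE = re.compile(r"^(\d+)/(\d+)$")
HEX_RE = re.compile(r"^[0-9a-fA-F]{1,8}$")


def parse_entry(line):
    """Return (groups of integer fields, timeout tuple or None) for one entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError("not a table entry: %r" % line)
    groups = [g.strip() for g in m.group(1).split(";")]
    timeout = None
    t = TIMEOUT_RE.match(groups[-1])
    if t:  # the timeout is the only decimal part, and only where present
        timeout = (int(t.group(1)), int(t.group(2)))
        groups = groups[:-1]
    fields = []
    for group in groups:
        values = [v.strip() for v in group.split(",")]
        if not all(HEX_RE.match(v) for v in values):
            raise ValueError("non-hexadecimal field in %r" % group)
        fields.append([int(v, 16) for v in values])  # every other field is hex
    return fields, timeout


def decode_connection(line):
    """Render the assumed 5-field key (src, sport, dst, dport, IP protocol)."""
    fields, timeout = parse_entry(line)
    if not fields or len(fields[0]) != 5:
        raise ValueError("expected a 5-field key")
    src, sport, dst, dport, proto = fields[0]
    return {
        "src": str(ipaddress.IPv4Address(src)), "sport": sport,
        "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
        "ip_proto": proto, "timeout": timeout,
    }


if __name__ == "__main__":
    print(decode_connection(SAMPLE))
```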
fw tab
fw tab displays the content of INSPECT tables on the target hosts in various formats.
For each host, the default format displays the host name and a list of all tables with their elements.
Syntax
fw tab [-all | -conf conffile] [-s] [-m number] [-u] [-t tname] [-x tname] [-d] targets
Options
parameter        meaning
-all             The command is to be executed on all targets specified in the default system
                 configuration file ($FWDIR/conf/sys.conf)
-conf conffile   The command is to be executed on all targets specified in conffile
-s               Summary of the number of entries in each table: host name, table name, table ID,
                 and its number of entries
-m number        For each table, display only its first number of entries (default is 16 entries
                 at most)
-u               Do not limit the number of entries displayed for each table
-t tname         Displays only tname table
-x tname         Delete all the entries in tname.
-x               Delete all entries in all tables
-d               Debug mode
targets          Run from the management station, for a remote VPN/FireWall module