Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Debug message of FloodGate (NG FP3)

To: [email protected]
Subject: [FW-1] Debug message of FloodGate (NG FP3)
From: Wen Guangcheng <[email protected]>
Date: Tue, 26 Aug 2003 19:41:02 +0900
Comments: To: [email protected]
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello Gurus,
I am running FloodGate-1(NG FP3) on Solaris8. In order investigate a FloodGate
connection's classification I run the commands,
#fw ctl debug âbuf 1024
#fw ctl debug -m FG-1 + policy
#fw ctl kdebug âf

and part of output is as follows,
.........
fg_match_profile_fields: -- ***  rule match! ***
fg_match_profile_fields: -- BEFORE Try match [Web rule](objid=2): conn 200.240.2
.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [Web rule](objid=2): conn 200.240.2.
66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_inde
x = -1
fg_match_profile_fields: Profile match for svc = no dst = yes src = yes sub_svc
= no.
fg_match_profile_fields: dst port = 25, uri port = 0.
fg_match_profile_fields: -- no match! failed on service.
fg_match_profile_fields: -- BEFORE Try match [FTP rule](objid=3): conn 200.240.2
.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [FTP rule](objid=3): conn 200.240.2.
66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_inde
x = -1
fg_match_profile_fields: Profile match for svc = no dst = yes src = yes sub_svc
= no.
fg_match_profile_fields: dst port = 25, uri port = 0.
fg_match_profile_fields: -- no match! failed on service.
fg_match_profile_fields: -- BEFORE Try match [SMTP rule](objid=4): conn 200.240.
2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [SMTP rule](objid=4): conn 200.240.2
.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_inde
x = -1
fg_match_profile_fields: found port match
fg_match_profile_fields: Profile match for svc = yes dst = yes src = yes sub_svc
 = no.
fg_match_profile_fields: -- ***  rule match! ***
............

I don't understand the meaning of the output message so well and I am not sure
if the rules(Web, FTP,SMTP) are matched or not. What is the meaning of
"BEFORE "and "AFTER"?  What is the meaning of "no match" in the message?
Does it mean FTP and SMTP rule are not matched?
My FloodGate policy rule is set as follows,
Web    rule:  Any  Any  http  Weight 35 Account
FTP    rule:  Any  Any  ftp    Weight 20 Account
SMTP rule:  Any  Any  smtp  Weight 15 Account
Default    :  Any  Any  Any    Weight 10 Account

Thanks in advance.

Best Regards,

--Wen

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] OPSEC ??
Next by Date: [FW-1] SIP and SIP_any
Previous by thread: [FW-1] NAT'g the Firewall interfaces
Next by thread: [FW-1] SIP and SIP_any
Index(es):
- Date
- Thread