Firewall-1

[FW-1] Debug message of FloodGate (NG FP3)

Subject: [FW-1] Debug message of FloodGate (NG FP3)
From: Wen Guangcheng <wen.guangcheng AT CNT.SP.QNES.NEC.CO DOT JP>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Tue, 26 Aug 2003 19:41:02 +0900
Hello Gurus,
I am running FloodGate-1 (NG FP3) on Solaris 8. In order to investigate a FloodGate
connection's classification I ran the commands,
#fw ctl debug -buf 1024
#fw ctl debug -m FG-1 + policy
#fw ctl kdebug -f

and part of output is as follows,
.........
fg_match_profile_fields: -- ***  rule match! ***
fg_match_profile_fields: -- BEFORE Try match [Web rule](objid=2): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [Web rule](objid=2): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_index = -1
fg_match_profile_fields: Profile match for svc = no dst = yes src = yes sub_svc = no.
fg_match_profile_fields: dst port = 25, uri port = 0.
fg_match_profile_fields: -- no match! failed on service.
fg_match_profile_fields: -- BEFORE Try match [FTP rule](objid=3): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [FTP rule](objid=3): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_index = -1
fg_match_profile_fields: Profile match for svc = no dst = yes src = yes sub_svc = no.
fg_match_profile_fields: dst port = 25, uri port = 0.
fg_match_profile_fields: -- no match! failed on service.
fg_match_profile_fields: -- BEFORE Try match [SMTP rule](objid=4): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [SMTP rule](objid=4): conn 200.240.2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: profile->nsvc = 1, profile_sub_svcs = 0, prof->url_index = -1
fg_match_profile_fields: found port match
fg_match_profile_fields: Profile match for svc = yes dst = yes src = yes sub_svc = no.
fg_match_profile_fields: -- ***  rule match! ***
............

I don't understand the meaning of the output message so well and I am not sure
if the rules (Web, FTP, SMTP) are matched or not. What is the meaning of
"BEFORE" and "AFTER"? What is the meaning of "no match" in the message?
Does it mean the FTP and SMTP rules are not matched?
My FloodGate policy rules are set as follows,
Web rule:   Any  Any  http  Weight 35  Account
FTP rule:   Any  Any  ftp   Weight 20  Account
SMTP rule:  Any  Any  smtp  Weight 15  Account
Default:    Any  Any  Any   Weight 10  Account

Thanks in advance.

Best Regards,

--Wen
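
An added example, not part of the original post and not Check Point code: a small parser that rejoins terminal-wrapped kdebug lines and pairs each "Try match [rule]" line with the verdict line that follows it. The pairing is an assumption read off the ordering of the output in the post, not a documented format; the function names are hypothetical.

```python
import re

PREFIX = "fg_match_profile_fields:"
TRY = re.compile(r"(?:BEFORE|AFTER) Try match \[([^\]]+)\]\(objid=(\d+)\): conn (\S+) \(\d+\)")
NO_MATCH = re.compile(r"-- no match! failed on (\w+)")
MATCH = re.compile(r"-- \*\*\*\s+rule match!")

# Sample lines taken from the post's output, hard-wrapped as in a terminal capture.
SAMPLE = """\
fg_match_profile_fields: -- ***  rule match! ***
fg_match_profile_fields: -- BEFORE Try match [Web rule](objid=2): conn 200.240.2
.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [Web rule](objid=2): conn 200.240.2.
66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: Profile match for svc = no dst = yes src = yes sub_svc
= no.
fg_match_profile_fields: -- no match! failed on service.
fg_match_profile_fields: -- BEFORE Try match [SMTP rule](objid=4): conn 200.240.
2.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: -- AFTER Try match [SMTP rule](objid=4): conn 200.240.2
.66:1208->192.168.2.60:25 (6)
fg_match_profile_fields: found port match
fg_match_profile_fields: -- ***  rule match! ***
"""

def unwrap(text):
    """Rejoin wrapped records: a line without the prefix continues the previous one."""
    records = []
    for line in text.splitlines():
        if line.startswith(PREFIX):
            records.append(line)
        elif records and line.strip(" ."):  # skip blank lines and "....." elisions
            records[-1] += line
    return records

def classify(text):
    """Return [(rule, objid, conn, verdict)] in the order the rules were tried."""
    results, pending = [], None
    for rec in unwrap(text):
        m = TRY.search(rec)
        if m:
            pending = (m[1], int(m[2]), m[3])
        elif pending:  # a verdict with no preceding "Try match" is ignored
            no, hit = NO_MATCH.search(rec), MATCH.search(rec)
            if no or hit:
                results.append(pending + ("no match: " + no[1] if no else "match",))
                pending = None
    return results
```

The leading "rule match!" line in the sample has no "Try match" line before it in the capture, so it is not attributed to any rule.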
