In this second article, I'll solve the questions of the second topic of the CCSM Certification: Chain Modules!

These questions are available in the CCSM Study Guide.


What does the IP Options Strip represent under the fw chain output?

The IP Options Strip removes the IP header of the packet before it is passed to the other kernel functions.

How do you explain the function of the command fw ctl chain?

fw ctl chain will show all active chains in the Security Gateway as shown below:

Source 0 - sk98799 - Kernel Debug
Further Reading - CP R76 Gaia WebAdmin - Very good documentation about fw ctl

What command shows which firewall chain modules are active on a gateway?

According to the same sk98799 - Kernel Debug above:

To see all active chains in the Security Gateway, run: fw ctl chain

Further Reading - CP R76 Gaia WebAdmin - Very good documentation about fw ctl

Why should fw debug commands always be followed with an “off” parameter after capturing troubleshooting data?

Because if the debug is not turned off, the system will keep generating logs. This can crash the system due to high processing levels or disk consumption.

You can see the right procedure to fully debug the kernel in sk98799.

What flag option(s) must be used to dump the complete table in friendly format, assuming the connections in the table are more than 100?

fw tab can help us, as in sk65133:

The usage of fw tab is:

The flag -f is explained above.
The flag -u shows an unlimited number of entries. You can use -m to set the maximum number of entries.

So, the right answer to this question is:

fw tab -t connections -f -u

Source: sk65133 - Connections Table Format

Which directory contains the URL Filtering engine update info?

The directory is: $FWDIR/appi/update

If you want to check the update status, you can look at the $FWDIR/appi/update/Version file:

Source 0: sk112249 - Best Practices - Application Control - Ensuring the Gateway Receives Online Updates

What table is used to contain the URLF cache values for URL Filtering in the Cloud in R75 and above?

sk90422 - How to modify URL Filtering cache size? explains how to change the cache size.

So, the table is: urlf_cache_table

What command would you issue in order to show all the chains through which traffic passed?

fw monitor -e "accept;" -p all

Source: sk30583 - What is FW Monitor?

Which commands will properly set the debug level to maximum and then run a policy install in debug mode for the policy Standard on gateway A-GW from an R77 Gaia Management Server?

As in sk112824:

First, to increase the debug level, you can do:

export TDERROR_ALL_ALL=5

and then install the policy Standard on gateway A-GW:

fwm -d load Standard A-GW

You can do it in a single line:

export TDERROR_ALL_ALL=5; fwm -d load Standard A-GW

Don't forget to disable the debug mode with:

unset TDERROR_ALL_ALL

Also unset any other variables that you used for the debug, for example:

Further Reading:
sk98799 - Kernel Debug

sk112824 - Policy installation failed with "Internal error occurred during the verification process" status message

sk97638 - Check Point Processes and Daemons

How To Troubleshoot Policy Installation Issues
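
The policy-install debug steps above, combined with the earlier point that a debug must always be turned off, can be wrapped so the "off" step cannot be forgotten. This is an added example, not code from the SKs or from Check Point; the function names, the FWM_CMD override and the default log path are assumptions of this example.

```shell
#!/bin/bash
# Added example: debugged policy install that always clears the debug level.
# FWM_CMD and the log path are assumptions of this example; overriding
# FWM_CMD lets the wrapper be dry-run on a host without Check Point tools.
FWM_CMD="${FWM_CMD:-fwm}"

# debug_policy_install POLICY TARGET [LOGFILE]
debug_policy_install() {
    local policy="$1"
    local target="$2"
    local log="${3:-/var/tmp/fwm_load_${policy}_${target}.debug}"
    local rc

    if [ -z "$policy" ] || [ -z "$target" ]; then
        echo "usage: debug_policy_install POLICY TARGET [LOGFILE]" >&2
        return 2
    fi

    # If the admin interrupts the install, still drop the debug level.
    trap 'unset TDERROR_ALL_ALL' INT TERM

    export TDERROR_ALL_ALL=5            # maximum debug level, as on the page
    "$FWM_CMD" -d load "$policy" "$target" >"$log" 2>&1
    rc=$?

    unset TDERROR_ALL_ALL               # the "off" step, on success or failure
    trap - INT TERM

    # Report the size so runaway debug output is noticed before the disk fills.
    echo "fwm exit code $rc, debug output in $log ($(wc -c <"$log") bytes)" >&2
    return "$rc"
}

# Returns 0 if any exported TDERROR_* debug variable is still set in this shell.
debug_still_enabled() {
    env | grep -q '^TDERROR_'
}
```

After sourcing the file on the Management Server, `debug_policy_install Standard A-GW` runs the install in debug mode, and `debug_still_enabled` confirms nothing was left switched on.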

Which commands obtain information about the mis-configuration issues that point to the rule base?

You must start the debug of FWM.

Use the procedures detailed in sk86186.

Source: sk86186 - How to debug FWM daemon

Which of the following commands would you use to understand which chain is causing a problem on the Security Gateway?

fw monitor -e "accept;" -p all

Source: sk30583 - What is FW Monitor?

Which process should you debug when SmartDashboard authentication is rejected?

fwm is responsible for the communications between SmartConsole applications and Security Management Server.

Source: sk97638 - Check Point Processes and Daemons

Where are fwm debug logs written?


Source: sk86186 - How to debug FWM daemon

That's all for today!
Thank you so much for reading!

See you in the third topic! :)