Searching for a Connection (asg search)

This section describes how to search for a connection in the Connections Table.

Description

Use the "asg search" command in Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Gateway Modules. Commands you run in this shell apply to all Security Gateway Module in the Security Group. or the Expert mode to:

You can run this command directly or in Interactive Mode. In the Interactive Mode, you can enter the parameters in the correct sequence.

The "asg search" command also runs a consistency test between Security Group Members.

This command supports both IPv4 and IPv6 connections.

Searching in the Non-Interactive Mode

Syntax

asg search -help

asg search [-v] [-vs <VS IDs>] [<Source IP Address> <Source Port> <Destination IP Address> <Destination Port> <Protocol>]

Parameters

Parameter

Description

No Parameters

Runs in the interactive mode.

-help

Shows the built-in help.

-vs <VS IDs>

Applies to Virtual Systems as specified by the <VS IDs>.

<VS IDs> can be:

  • No <VS IDs> specified (default) - Applies to the context of the current Virtual System

  • One Virtual System

  • A comma-separated list of Virtual Systems (for example, 1,2,4,5)

  • A range of Virtual Systems (for example, 3-5)

  • all - Shows all Virtual Systems

This parameter is only applicable in a VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. environment.

<Source IP Address>

Specifies the source IPv4 or IPv6 address.

<Source Port>

Specifies the source port number.

See IANA Service Name and Port Number Registry.

<Destination IP Address>

Specifies the destination IPv4 or IPv6 address.

<Destination Port>

Specifies the destination port number.

See IANA Service Name and Port Number Registry.

<Protocol>

Specifies the IP Protocol name or number.

See IANA Protocol Numbers.

-v

Shows connection indicators for:

This is in addition to the indicators for Active and Backup Security Group Members.

Notes:

  • You must enter the all parameters in the sequence as appears in the above syntax.

  • You can enter "\*" as a wildcard parameter (meaning, any value).

  • The "-vs" parameter is only available for a Security Group in VSX mode.

Examples

[Expert@MyChassis-ch0x-0x:0]# gclish
[Global] MyChassis-ch01-01> asg search -v 192.0.2.4 192.0.2.15 \* tcp
Lookup for conn: <192.0.2.4, 192.0.2.15, *, tcp>, may take few seconds...
 
<192.0.2.4, 1130,  192.0.2.15, 49829, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36323, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49851, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36308, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36299, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49835, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49856, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36331, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49857, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49841, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36315, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 1130,  192.0.2.15, 49859, tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36300, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
<192.0.2.4, 36301, 192.0.2.15, 1130,  tcp> -> [2_01 A, 1_04 A]
 
Legend:
A - Active SGM
B - Backup SGM
C - Correction Layer table
F - Firewall connection table
S - SecureXL connection table
[Global] MyChassis-ch01-01>
 
[Expert@MyChassis-ch0x-0x:0]# gclish
[Global] MyChassis-ch01-01> asg search 2620:0:2a03:16:2:33:0:1 \* 8080 tcp
 
<2620:0:2a03:16:2:33:0:1, 52117, 951::69cb:e42d:eac0:652f, 8080, tcp> -> [1_01 A, 2_01 B]
<2620:0:2a03:16:2:33:0:1, 62775, 951::69cb:e42d:eac0:652f, 8080, tcp> -> [1_01 A, 2_01 B]
<2620:0:2a03:16:2:33:0:1, 54378, 951::69cb:e42d:eac0:652f, 8080, tcp> -> [1_01 A, 2_01 B]
Legend:
A - Active SGM
B - Backup SGM
[Global] MyChassis-ch01-01>
 
[Expert@MyChassis-ch0x-0x:0]# gclish
[Global] MyChassis-ch01-01> asg search -vs 0 \* \* \* \* \*.
Lookup for conn: <*, *, *, *, *>, may take few seconds...
 
<172.23.9.130, 18192, 172.23.9.138, 43563, tcp> -> [1_01 A]
<172.23.9.130, 32888, 172.23.9.138, 257, tcp> -> [1_01 A]
<172.23.9.130, 22, 194.29.47.14, 52120, tcp> -> [1_01 A]
<172.23.9.138, 257, 172.23.9.130, 32963, tcp> -> [1_01 A]
<172.23.9.130, 22, 194.29.47.14, 52104, tcp> -> [1_01 A]
<255.255.255.255, 67, 0.0.0.0, 68, udp> -> [1_01 A]
<172.23.9.138, 257, 172.23.9.130, 32864, tcp> -> [1_01 A]
<172.23.9.138, 257, 172.23.9.130, 32888, tcp> -> [1_01 A]
<172.23.9.138, 257, 172.23.9.130, 33465, tcp> -> [1_01 A]
<172.23.9.130, 22, 194.29.40.23, 65515, tcp> -> [1_01 A]
<172.23.9.130, 22, 194.29.47.14, 52493, tcp> -> [1_01 A]
<172.23.9.130, 18192, 172.23.9.138, 49059, tcp> -> [1_01 A]
<172.23.9.130, 18192, 172.23.9.138, 33356, tcp> -> [1_01 A]
<172.23.9.138, 33356, 172.23.9.130, 18192, tcp> -> [1_01 A]
<172.23.9.138, 43563, 172.23.9.130, 18192, tcp> -> [1_01 A]
<172.23.9.130, 32864, 172.23.9.138, 257, tcp> -> [1_01 A]
<0.0.0.0, 68, 255.255.255.255, 67, udp> -> [1_01 A]
<172.23.9.130, 32963, 172.23.9.138, 257, tcp> -> [1_01 A]
<172.23.9.130, 33465, 172.23.9.138, 257, tcp> -> [1_01 A]
<194.29.47.14, 52120, 172.23.9.130, 22, tcp> -> [1_01 A]
<194.29.47.14, 52104, 172.23.9.130, 22, tcp> -> [1_01 A]
<fe80::d840:5de7:8dbe:2345, 546, ff02::1:2, 547, udp> -> [1_01 A]
<194.29.47.14, 52493, 172.23.9.130, 22, tcp> -> [1_01 A]
<172.23.9.138, 49059, 172.23.9.130, 18192, tcp> -> [1_01 A]
<194.29.40.23, 65515, 172.23.9.130, 22, tcp> -> [1_01 A]
Legend:
A - Active SGM
B - Backup SGM
[Global] MyChassis-ch01-01>

Searching in the Interactive Mode

In the Interactive Mode, you enter the connection search parameters in the required sequence.

Step

Instructions

1

Connect to the command line on the Security Group.

2

Go to GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish: enter gclish and press Enter.

3

Run the command:

> asg search [-vs <VS IDs>] [-v]

4

Enter these parameters in the order below:

  1. Source IPv4 or IPv6 address.

  2. Destination IPv4 or IPv6 address.

  3. Destination port number.

    See IANA Service Name and Port Number Registry.

  4. IP protocol.

    See IANA Protocol Numbers.

  5. Source port number.

    See IANA Service Name and Port Number Registry.

Note - Press the Enter key to enter a wildcard value (meaning, any value).

 
[Expert@MyChassis-ch0x-0x:0]# gclish
[Global] MyChassis-ch01-01> asg search -v
 
Please enter conn's 5 tuple:
----------------------------
Enter source IP (press enter for wildcard):
 >192.0.2.4
Enter destination IP (press enter for wildcard):
 >192.0.2.15
Enter destination port (press enter for wildcard):
 > 
Enter IP protocol ('tcp', 'udp', 'icmp' or enter for wildcard):
 >tcp
Enter source port (press enter for wildcard):
 > 
Lookup for conn: <192.0.2.4, *, 192.0.2.15, *, tcp>, may take few seconds...
<192.0.2.4, 37408, 192.0.2.15, 1130, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 1130, 192.0.2.15, 49670, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 1130, 192.0.2.15, 49653, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 37406, 192.0.2.15, 1130, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 1130, 192.0.2.15, 49663, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 1130, 192.0.2.15, 49658, tcp> -> [2_01 AF, 1_04 AF]
<192.0.2.4, 37407, 192.0.2.15, 1130, tcp> -> [2_01 AF, 1_04 AF]
 
Legend:
A - Active SGM
B - Backup SGM
C - Correction Layer table
F - Firewall connection table
S - SecureXL connection table
 
[Global] MyChassis-ch01-01>