fw tab

Description

Shows data from the specified Security Gateway kernel tables.

This command also changes the content of dynamic kernel tables. You cannot change the content of static kernel tables.

Kernel tables (also known as State tables) store data that the Firewall and other Software Blades use to inspect packets. These kernel tables are a critical component of Stateful Inspection.

Best Practices:

  • Use the "fw tab -t connections -f" command to see the detailed (and more technical) information about the current connections in the Connections kernel table (ID 8158).

  • Use the fw ctl conntab command to see the simplified information about the current connections in the Connections kernel table (ID 8158).

Important:

  • You can run this command in the Expert mode or in Gaia Clish (Gaia gClish on Scalable Platforms).

  • On Scalable Platforms, you must connect to the applicable Security Group.

Syntax

fw tab {-h | -help}

fw [-d] tab

      -v

      -t <Table>

      {-c | -s}

      -f [-r]

      -o <Output File>

      {-u | -m <Limit>}

      -a -e "<Entry>"

      -A -e "<Entry>"

      -x [-e "<Entry>"]

      -y

      {-z [-l] | -M}

      <Name of Object>

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-h

-help

Shows the built-in usage.

-t <Table>

Specifies the kernel table by its name of unique ID.

To see the names and IDs of the available kernel tables, run:

fw tab -s

Because the output of this command is very long, we recommend to redirect it to a file. For example:

fw tab -s > /tmp/output.txt

Notes:

  • If you do not specify kernel tables, then the command shows the summary data for all kernel tables.

  • You can specify several different kernel tables in the same command.

-a -e "<Entry>"

Adds the specified entry to the specified kernel table.

If a kernel table has the "expire" attribute, when you add an entry with the "-a -e <Entry>" parameter, the new entry gets the default table timeout.

You can use this parameter only locally on a Security Gateway / Cluster Member.

Important - Each kernel table has its own internal format.

Warning - If you add a wrong entry, you can make your Security Gateway / Cluster Memberunresponsive.

-A -e "<Entry>"

Adds the specified entry to the specified kernel table - in all CoreXL Firewall instances.

If a kernel table has the "expire" attribute, when you add an entry with the "-A -e <Entry>" parameter, the new entry gets the default table timeout.

You can use this parameter only locally on a Security Gateway / Cluster Member.

Important - Each kernel table has its own internal format.

Warning - If you add a wrong entry, you can make your Security Gateway / Cluster Member unresponsive.

-c

Shows formatted kernel table data in the common format. This is the default.

The parameters "-c" and "-s" are mutually exclusive.

-e "<Entry>"

Specifies the entry in the kernel table.

Important - Each kernel table has its own internal format.

For the "Connections" (ID 8158) table, see sk65133.

-f

Shows formatted kernel table data. For example, shows:

  • All IP addresses and port numbers in the decimal format.

  • All dates and times in human readable format.

The parameter "-r" resolves IP addresses into hostnames.

Note - Each table can use a different style.

Important - If the specified kernel table is large, this consumes a large amount of RAM. This can make your Security Gateway unresponsive.

-o <Output File>

Saves the output in the specified file in the CL format as a Check Point Firewall log.

You can later open this file with the fw log command.

If you do not specify the full path explicitly, this command saves the output file in the current working directory.

-m <Limit>

Specifies the maximum number of kernel table entries to show.

This command counts the entries from the beginning of the kernel table.

The parameters "-m" and "-u" are mutually exclusive.

-s

Shows a short summary of the kernel table data.

The parameters "-s" and "-c" are mutually exclusive.

-u

Specifies to show an unlimited number of kernel table entries.

The parameters "-u" and "-m" are mutually exclusive.

Important - If the specified kernel table is large, this consumes a large amount of RAM. This can make your Security Gateway unresponsive.

-v

Shows the CoreXL Firewall instance number as a prefix for each line.

-x [-e <Entry>]

Deletes all entries or the specified entry from the specified kernel table.

You can use this parameter only locally on a Security Gateway / Cluster Member.

Warning - We do not recommend this command for any production use, only for debugging and experimenting.

If you delete a wrong entry, you can break the current connections through your Security Gateway / Cluster Member.

This includes the remote SSH connection.

For more information, see sk103876.

-y

Specifies not to show a prompt before Security Gateway executes a command.

Applies to these parameters: "-a", "-A", and "-x".

-z [-l]

In the "Connections" table (ID 8158) shows only connections in Slow Path (F2F) and the reason why acceleration is not possible for each connection.

These are connections that SecureXL cannot accelerate and forwards to the Firewall.

The parameter "-l" shows statistics for connections.

The parameter "-z" implicitly runs the parameter "-u".

The parameters "-z" and "-M" are mutually exclusive.

See the corresponding example (with the legend) below.

-M

In the "Connections" table (ID 8158) shows Used Memory and Peak Memory for each connection.

The parameter "-M"implicitly runs the parameter "-u".

The parameters "-M" and "-z" are mutually exclusive.

See the corresponding example (with the legend) below.

<Name of Object>

Appplies only when you run this command on the Management Server.

Specifies the name of the Security Gateway or Cluster Member object (as defined in SmartConsole), from which to show the information.

This requires the established SIC with the Security Gateway / Cluster Member.

If you do not use this parameter, the default is localhost.

Examples

[Expert@MyGW:0]# fw tab -s
HOST                  NAME                                ID #VALS #PEAK #SLINKS
localhost             vsx_firewalled                       0     1     1       0
localhost             firewalled_list                      1     2     2       0
localhost             external_firewalled_list             2     0     0       0
localhost             management_list                      3     2     2       0
localhost             external_management_list             4     0     0       0
localhost             log_server_list                      5     0     0       0
localhost             ips1_sensors_list                    6     0     0       0
localhost             all_tcp_services                     7   141   141       0
localhost             tcp_services                         8     1     1       0
... ...
localhost             connections                       8158     2    56       2
... ...
localhost             up_251_rule_to_clob_uuid         14083     0     0       0
... ...
localhost             urlf_cache_tbl                      29     0     0       0
localhost             proxy_outbound_conn_tbl             30     0     0       0
localhost             dns_cache_tbl                       31     0     0       0
localhost             appi_referrer_table                 32     0     0       0
localhost             uc_hits_htab                        33     0     0       0
localhost             uc_cache_htab                       34     0     0       0
localhost             uc_incident_to_instance_htab        35     0     0       0
localhost             fwx_cntl_dyn_ghtab                  36     0     0       0
localhost             frag_table                          37     0     0       0
localhost             dos_blacklist_notifs                38     0     0       0
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fw tab -t connections
localhost:
-------- connections --------
dynamic, id 8158, num ents 0, load factor 0.0, attributes: keep, sync, aggressive aging, kbufs 21 22 23 24 25 26 27 28 29 30 31 32 33 34, expires 25, refresh, , hashsize 2097152, unlimited
<00000000, c0a8cc01, 0000d28d, c0a8cc28, 00000016, 00000006; 0001c001, 00044000, 00000002, 000001e1, 00000000, 5b9687cd, 00000000, 28cca8c0, c0000001, 00000001, 00000001, ffffffff, ffffffff, 02007800, 000f9000, 00000080, 00000000, 00000000, 38edac90, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 1996/3600> 
<00000001, c0a8cc28, 00000016, c0a8cc01, 0000d28d, 00000006> -> <00000000, c0a8cc01, 0000d28d, c0a8cc28, 00000016, 00000006> (00000805)
<00000000, c0a8cc01, 0000c9f6, c0a8cc28, 00000016, 00000006; 0001c001, 00044000, 00000002, 000001e1, 00000000, 5b9679de, 00000000, 28cca8c0, c0000001, 00000001, 00000001, ffffffff, ffffffff, 02007800, 000f9000, 00000080, 00000000, 00000000, 38edaa98, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3597/3600> 
<00000001, c0a8cc28, 00000016, c0a8cc01, 0000c9f6, 00000006> -> <00000000, c0a8cc01, 0000c9f6, c0a8cc28, 00000016, 00000006> (00000805)
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fw tab -t connections -f
 Using cptfmt
Formatting table's data - this might take a while...
 
localhost:
 Date: Sep 10, 2018
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv;  : (+)====================================(+); Table_Name: connections; : (+); Attributes: dynamic, id 8158, attributes: keep, sync, aggressive aging, kbufs 21 22 23 24 25 26 27 28 29 30 31 32 33 34, expires 25, refresh, , hashsize 2097152, unlimited; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 55411; Dest: 192.168.204.1; DPort: 53; Protocol: udp; CPTFMT_sep: ;; Type: 131073; Rule: 0; Timeout: 335; Handler: 0; Ifncin: -1; Ifncout: -1; Ifnsin: 1; Ifnsout: 1; Bits: 0000780000000000; Expires: 2/40; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 53901; Dest: 192.168.204.40; DPort: 22; Protocol: tcp; CPTFMT_sep: ;; Type: 114689; Rule: 2; Timeout: 481; Handler: 0; Ifncin: 1; Ifncout: 1; Ifnsin: -1; Ifnsout: -1; Bits: 02007800000f9000; Expires: 2002/3600; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 22; Dest: 192.168.204.1; DPort: 53901; Protocol: tcp; CPTFMT_sep_1: ->; Direction_1: 0; Source_1: 192.168.204.1; SPort_1: 53901; Dest_1: 192.168.204.40; DPort_1: 22; Protocol_1: tcp; FW_symval: 2053; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 51702; Dest: 192.168.204.40; DPort: 22; Protocol: tcp; CPTFMT_sep: ;; Type: 114689; Rule: 2; Timeout: 481; Handler: 0; Ifncin: 1; Ifncout: 1; Ifnsin: -1; Ifnsout: -1; Bits: 02007800000f9000; Expires: 3600/3600; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 1; Source: 192.168.204.40; SPort: 22; Dest: 192.168.204.1; DPort: 51702; Protocol: tcp; CPTFMT_sep_1: ->; Direction_1: 0; Source_1: 192.168.204.1; SPort_1: 51702; Dest_1: 192.168.204.40; DPort_1: 22; Protocol_1: tcp; FW_symval: 2053; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
 
 20:30:48 5 N/A  N/A    192.168.204.40 > N/A  LogId: <max_null>; ContextNum: <max_null>; OriginSicName: cn=cp_mgmt,o=MyGW..44jkyv; : -----------------------------------(+); Direction: 0; Source: 192.168.204.1; SPort: 53; Dest: 192.168.204.40; DPort: 55411; Protocol: udp; CPTFMT_sep_1: ->; Direction_2: 1; Source_2: 192.168.204.40; SPort_2: 55411; Dest_2: 192.168.204.1; DPort_2: 53; Protocol_2: udp; FW_symval: 2054; LastUpdateTime: 10Sep2018 20:30:48; ProductName: VPN-1 & FireWall-1; ProductFamily: Network;
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fw tab -t connections -m 2
localhost:
-------- connections --------
dynamic, id 8158, num ents 0, load factor 0.0, attributes: keep, sync, aggressive aging, kbufs 21 22 23 24 25 26 27 28 29 30 31 32 33 34, expires 25, refresh, , hashsize 2097152, unlimited
<00000000, c0a8cc01, 0000d28d, c0a8cc28, 00000016, 00000006; 0001c001, 00044000, 00000002, 000001e1, 00000000, 5b9687cd, 00000000, 28cca8c0, c0000001, 00000001, 00000001, ffffffff, ffffffff, 02007800, 000f9000, 00000080, 00000000, 00000000, 38edac90, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 1961/3600> 
<00000001, c0a8cc28, 00000016, c0a8cc01, 0000d28d, 00000006> -> <00000000, c0a8cc01, 0000d28d, c0a8cc28, 00000016, 00000006> (00000805)
...(4 More)
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fw tab -t 8158 -v
localhost:
-------- connections --------
dynamic, id 8158, num ents 6, load factor 0.0, attributes: keep, sync, aggressive aging, kbufs 21 22 23 24 25 26 27 28 29 30 31 32 33 34, expires 25, refresh, , hashsize 2097152, unlimited
[fw_0] <00000001, c0a80335, 00004710, c0a803f0, 00008652, 00000006> -> <00000000, c0a803f0, 00008652, c0a80335, 00004710, 00000006> (00000805)
[fw_0] <00000001, c0a80335, 00008adf, c0a803f0, 0000470f, 00000006; 0002d001, 00046000, 10000000, 0000000e, 00000000, 5b9a4129, 00030000, 3503a8c0, c0000000, ffffffff, ffffffff, 00000001, 00000001, 00000800, 00000000, 80008080, 00000000, 00000000, 338ea330, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3162/3600> 
[fw_0] <00000000, c0a803f0, 00008652, c0a80335, 00004710, 00000006; 0001c001, 00044000, 12000000, 0000000f, 00000000, 5b8fed6a, 00030001, 3503a8c0, c0000000, 00000001, 00000001, ffffffff, ffffffff, 00000800, 08000000, 00000080, 00000000, 00000000, 337b0978, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3599/3600> 
[fw_0] <00000000, c0a803f0, 0000470f, c0a80335, 00008adf, 00000006> -> <00000001, c0a80335, 00008adf, c0a803f0, 0000470f, 00000006> (00000806)
[fw_0] <00000001, c0a80334, 00004710, c0a803f0, 0000a659, 00000006> -> <00000000, c0a803f0, 0000a659, c0a80334, 00004710, 00000006> (00000805)
[fw_0] <00000000, c0a803f0, 0000a659, c0a80334, 00004710, 00000006; 0001c001, 00044100, 12000000, 0000000f, 00000000, 5b8feabb, 0000007a, 3403a8c0, c0000000, ffffffff, ffffffff, ffffffff, ffffffff, 00000000, 10000000, 04000080, 00000000, 00000000, 3364aed0, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3484/3600> 
[fw_1] <00000001, c0a80334, 00004710, c0a803f0, 0000bc74, 00000006> -> <00000000, c0a803f0, 0000bc74, c0a80334, 00004710, 00000006> (00000805)
[fw_1] <00000001, c0a80335, 00000016, ac14a810, 0000e056, 00000006> -> <00000000, ac14a810, 0000e056, c0a80335, 00000016, 00000006> (00000805)
[fw_1] <00000000, ac14a810, 0000e056, c0a80335, 00000016, 00000006; 0001c001, 00044000, 00000003, 000001df, 00000000, 5b9a3832, 00030000, 3503a8c0, c0000001, 00000001, 00000001, ffffffff, ffffffff, 00000800, 08000000, 00000080, 00000000, 00000000, 33410370, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3600/3600> 
[fw_1] <00000000, c0a803f0, 0000bc74, c0a80334, 00004710, 00000006; 0001c001, 00044100, 12000000, 0000000f, 00000000, 5b8fe89b, 00000001, 3403a8c0, c0000001, ffffffff, ffffffff, ffffffff, ffffffff, 00000000, 10000000, 04000080, 00000000, 00000000, 335841e0, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3600/3600> 
[fw_2] <00000000, c0a803f0, 0000ab74, c0a80335, 00004710, 00000006; 0001c001, 00044000, 12000000, 0000000f, 00000000, 5b8fed7e, 00030000, 3503a8c0, c0000002, 00000001, 00000001, ffffffff, ffffffff, 00000800, 08000000, 00000080, 00000000, 00000000, 33337660, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 3556/3600> 
[fw_2] <00000001, c0a80335, 00004710, c0a803f0, 0000ab74, 00000006> -> <00000000, c0a803f0, 0000ab74, c0a80335, 00004710, 00000006> (00000805)
[fw_2] <00000001, c0a80335, 00001fb4, 00000000, 00001fb4, 00000011> -> <00000000, 00000000, 00001fb4, c0a80335, 00001fb4, 00000011> (00000805)
[fw_2] <00000000, 00000000, 00001fb4, c0a80335, 00001fb4, 00000011; 00010001, 00004000, 00000003, 00000028, 00000000, 5b8fed76, 00030000, 3503a8c0, c0000002, 00000001, ffffffff, ffffffff, ffffffff, 00000800, 08000000, 00000084, 00000000, 00000000, 336d4e30, ffffc200, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 38/40> 
[fw_2] <00000000, 00000000, 00001fb4, c0a80334, 00001fb4, 00000011; 00010001, 00004100, 00000003, 00000028, 00000000, 5b8fed72, 0000025f, 3403a8c0, c0000002, ffffffff, ffffffff, ffffffff, ffffffff, 00000000, 10000000, 04000084, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000, 00000000; 39/40> 
[fw_2] <00000001, c0a80334, 00001fb4, 00000000, 00001fb4, 00000011> -> <00000000, 00000000, 00001fb4, c0a80334, 00001fb4, 00000011> (00000805)
Table fetched in 3 chunks
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fw tab -t connections -z
Dir  Source IP        SPort  Destination IP   DPort  PR  FW State         Expires        SXL ID  Reason                            Total Pkts  Total Bytes  Duration    Last Seen
---  ---------------  -----  ---------------  -----  --  ---------------  -------------  ------  --------------------------------  ----------  -----------  ----------  -----------
1    172.23.7.34      60660  172.23.39.5      53     17  UDP              3/40           N/A     Local connection                  2           601B         37s         37s
1    172.23.7.34      22     172.20.38.105    65509  6   Link
0    172.20.38.105    64285  172.23.7.34      22     6   TCP Estab.       3600/3600      N/A     Local incoming connection         192         20.16KB      38s         0s
0    172.23.7.86      67     255.255.255.255  68     17  UDP              30/40          N/A     Local incoming connection         556         178.09KB     107h58m33s  9s
0    172.20.38.105    65509  172.23.7.34      22     6   TCP Estab.       1990/3600      N/A     Local incoming connection         122         27.15KB      107h58m27s  107h53m54s
0    0.0.0.0          0      224.0.0.1        0      2   IGMP             21/60          N/A     Local incoming connection         1           36B          107h27m43s  107h27m43s
1    172.23.7.34      22     172.20.38.105    64285  6   Link
0    172.23.39.5      53     172.23.7.34      60660  17  Link
0    172.23.39.5      53     172.23.7.34      60048  17  Link
1    172.23.7.34      18192  172.23.7.32      47062  6   Link
0    172.20.38.105    64286  172.23.7.34      22     6   TCP Estab.       3567/3600      N/A     Local incoming connection         44          10.58KB      33s         33s
0    172.23.7.32      47062  172.23.7.34      18192  6   TCP Estab.       3591/3600      N/A     Local incoming connection         40          12.57KB      9s          9s
1    172.23.7.34      60048  172.23.39.5      53     17  UDP              2/40           N/A     Local connection                  2           602B         38s         38s
1    172.23.7.34      22     172.20.38.105    64286  6   Link
1    172.23.7.34      52786  172.23.39.5      53     17  UDP              2/40           N/A     Local connection                  2           553B         38s         38s
15 slow-path connections out of 100 connections
[Expert@MyGW:0]#

Legend:

Column

Description

Dir

The direction of the connection:

  • 0 - Client to Server (request).

  • 1 - Server to Client (response).

Source IP

Source IP address of the connection.

SPort

Source Port of the connection.

See IANA Service Name and Port Number Registry.

Destination IP

Destination IP address of the connection.

DPort

Destination Port of the connection.

See IANA Service Name and Port Number Registry.

PR

Protocol number of the connection:

  • 6 - TCP

  • 17 - UDP

See IANA Protocol Numbers

FW State

Connection state in the Firewall.

Expires

How many seconds remain before the connection expires (based on the maximum expiration time).

Also, refer to the "Duration" column.

For example, 1990/3600 means:

  • The maximum expiration time is 3600 seconds.

  • If the connection remains idle for the next 1990 seconds, it expires in the "Connections" table.

SXL ID

SecureXL Instance ID.

Currently not used.

Reason

Reason for why SecureXL cannot accelerate this connection.

Total Pkts

The number of packets transferred in this connection.

Total Bytes

The number of bytes transferred in this connection.

Duration

How many seconds this connection is open.

Also, refer to the "Expires" column.

Last Seen

How many seconds passed since the last packet transferred in this connection.

 
[Expert@MyGW:0]# fw tab -t connections -M

Dir  Source IP        SPort  Destination IP   DPort  PR  FW State         Expires        Used Memory  Peak Memory  Duration
---  ---------------  -----  ---------------  -----  --  ---------------  -------------  -----------  -----------  ----------
0    3.3.3.3          80     192.168.3.57     47437  17  Link
1    192.168.3.57     47437  3.3.3.3          80     17  UDP              15/40          0B           0B           25s
0    17.23.5.3        18192  192.168.3.57     24764  6   Link
1    192.168.3.57     54533  17.23.5.3        18192  6   TCP None         2/25           0B           0B           23s
0    172.20.219.13    64684  192.168.3.57     22     6   TCP Estab.       3598/3600      0B           0B           2m39s
1    192.168.3.57     41565  17.23.5.2        18192  6   TCP None         12/25          0B           0B           13s
0    17.23.5.2        18192  192.168.3.57     37193  6   Link
1    192.168.3.57     22     172.20.219.13    64684  6   Link
1    192.168.3.57     61561  17.23.5.3        18192  6   TCP None         22/25          0B           0B           3s
0    17.23.5.3        18192  192.168.3.57     49757  6   Link
[Expert@MyGW:0]#

Legend:

Column

Description

Dir

The direction of the connection:

  • 0 - Client to Server (request)

  • 1 - Server to Client (response)

Source IP

Source IP address of the connection.

SPort

Source Port of the connection.

See IANA Service Name and Port Number Registry.

Destination IP

Destination IP address of the connection.

DPort

Destination Port of the connection.

See IANA Service Name and Port Number Registry.

PR

Protocol number of the connection:

  • 6 - TCP

  • 17 - UDP

See IANA Protocol Numbers

FW State

Connection state in the Firewall.

Expires

How many seconds remain before the connection expires (based on the maximum expiration time).

Also, refer to the "Duration" column.

For example, 1990/3600 means:

  • The maximum expiration time is 3600 seconds.

  • If the connection remains idle for the next 1990 seconds, it expires from the Firewall "Connections" table.

Used Memory

Currently used memory for this connection.

Peak Memory

Maximum used memory for this connection (since it was recorded).

Duration

How many seconds this connection is open.

Also, refer to the "Expires" column.