Module "MUX" (Multiplexer for Applications Traffic)

R80.20 introduced a new layer between the Streaming layer and the Applications layer - MUX (Multiplexer).

Applications are registered to the Streaming layer through the MUX layer.

The MUX layer chooses to work over PSL (passive streaming) or CPAS (active streaming).

PSL (Passive Streaming Library): Packets may arrive at Security Gateway out of order, or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases, a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with the Passive Streaming Library (PSL) technology.

(1) The PSL is an infrastructure layer, which provides stream reassembly for TCP connections.
(2) The Security Gateway makes sure that TCP data seen by the destination system is the same as seen by code above PSL.
(3) The PSL handles packet reordering, congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks, and others.
(4) The PSL is capable of receiving packets from the Firewall chain and from the SecureXL.
(5) The PSL serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks.
(6) The PSL infrastructure is wrapped with well-defined APIs called the Unified Streaming APIs, which are used by the applications to register and access streamed data.
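The reassembly behaviour described above, as an added illustration (a simplified Python model written for this page, not Check Point's PSL code or API): it holds back out-of-order segments, releases a contiguous stream to the inspection layer, and flags a retransmission whose bytes differ from the first copy seen. The class and function names, the relative offsets used in place of TCP sequence numbers, and the sample segments are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class PassiveStream:
    """Toy passive reassembler for one direction of one TCP connection."""
    next_off: int = 0                                  # next in-order offset to release
    seen: dict = field(default_factory=dict)           # offset -> first byte value observed
    delivered: bytearray = field(default_factory=bytearray)
    alerts: list = field(default_factory=list)         # (offset, length) of conflicting segments

    def feed(self, off, payload):
        """Return (bytes newly released in order, forward_ok) for one segment."""
        # Overlap check: every byte already recorded must match its first copy.
        conflict = any(self.seen.get(off + i, b) != b for i, b in enumerate(payload))
        if conflict:
            # Retransmission rewrites data already seen: do not forward, do not update.
            self.alerts.append((off, len(payload)))
            return b"", False
        for i, b in enumerate(payload):
            self.seen[off + i] = b
        # Reordering: release only the contiguous run starting at next_off.
        out = bytearray()
        while self.next_off in self.seen:
            out.append(self.seen[self.next_off])
            self.next_off += 1
        self.delivered += out
        return bytes(out), True

# Constructed sample: (relative offset, payload) in arrival order.
SEGMENTS = [
    (0, b"GET /ind"),           # in order
    (15, b" HTTP/1.1\r\n"),     # arrives early, held back
    (8, b"ex.html"),            # fills the gap, releases the rest
    (8, b"ex.html"),            # identical retransmission, harmless
    (8, b"XX.html"),            # retransmission with different bytes, flagged
]

def run_demo():
    stream = PassiveStream()
    verdicts = [stream.feed(off, data) for off, data in SEGMENTS]
    return stream, verdicts

if __name__ == "__main__":
    stream, verdicts = run_demo()
    for (off, data), (released, ok) in zip(SEGMENTS, verdicts):
        print(off, data, "->", released, "forward" if ok else "BLOCK")
    print("inspected stream:", bytes(stream.delivered), "alerts:", stream.alerts)
```

The model keeps every observed byte for comparison; a real reassembler bounds that state by the TCP window.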

Syntax

| Flag | Description |
|---|---|
| active | CPAS (active streaming). Note - In addition, see Module "CPAS" (Check Point Active Streaming). |
| advp | Advanced Patterns (signatures over port ranges) |
| api | API calls |
| comm | Information about opening and closing of connections |
| error | General errors |
| http_disp | HTTP Dispatcher |
| misc | Miscellaneous helpful information (not shown with other debug flags) |
| passive | PSL (passive streaming). Note - In addition, see Module "PSL" (Passive Streaming Library). |
| proxy_tp | Proxy tunnel parser |
| stream | General information about the data stream |
| test | Currently is not used |
| tier1 | Pattern Matcher 1st tier (fast path) |
| tls | General information about the TLS |
| tlsp | TLS parser |
| tol | Test Object List algorithm (to determine whether an application is malicious or not) |
| udp | UDP parser |
| warning | General warnings |
| ws | Web Intelligence |