Friday, December 30, 2011

F5 : Bigip Platform Naming Conversion

Supported platforms

This installation method is supported only on the following platforms:

  • BIG-IP 520 and 540 (D35)
  • BIG-IP 1000 (C36)
  • BIG-IP 1500 (C36)
  • BIG-IP 1600 (C102)
  • BIG-IP 2400 (D44)
  • BIG-IP 3400 (C62)
  • BIG-IP 3410 (C100)
  • BIG-IP 3600 (C103)
  • BIG-IP 3900 (C106)
  • BIG-IP 4100 (D46) (for standalone Application Security Manager installations)
  • BIG-IP 5100 and 5110 (D51)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)
  • BIG-IP 6900 (D68)
  • BIG-IP 8400 (D84)
  • BIG-IP 8800 (D88)
  • BIG-IP 8900 (D106)

If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.

Wednesday, December 28, 2011

Cisco ASA - FW priority and state

It has been some time since I posted something related to ASA :)

How to see the FW status in a cluster?

Definitely you can see this by running "show failover", but what if you don't have enable access? In fact there is no way (both names in ASA will be the same by default).

But the following command can help you:

conf t

prompt hostname context priority state

Now you will see the priority and state of the FW along with the name, with no need to be in enable mode :)

Tuesday, December 27, 2011

Checkpoint : Connection / NAT Tables

NAT Cache Table

[Expert@GEHfiSJPhino11]# fw tab -t fwx_cache -s
localhost fwx_cache 8116 7965 13295 0

NAT Table

[Expert@GEHfiSJPhino11]# fw tab -t fwx_alloc -s
localhost fwx_alloc 8187 72 3460 0

Connection Table

[Expert@GEHfiSJPhino11]# fw tab -t connections -s
localhost connections 8158 14144 26665 56550

Wednesday, December 21, 2011

Checkpoint : SecureXL

When SecureXL is enabled, all traffic should be accelerated, except traffic that matches the following conditions:
  • The first packets of any new TCP session, unless a "template" exists.
  • The first packet of any new UDP session.
  • All traffic that matches a service that uses a Resource.
  • Certain traffic that matches a service that is inspected by a SmartDefense or Web Intelligence feature. For example, traffic on which SSH protections are activated is not accelerated. For more details, refer to sk42401: Factors that adversely affect performance in SecureXL.
  • All traffic that is supposed to be dropped or rejected, according to the rule base.
  • All traffic that matches a rule, whose source or destination is the Gateway itself.
  • All traffic that matches a rule with a Security Server.
  • All traffic that matches a rule with User Authentication or Session Authentication.
  • Non-TCP/UDP/GRE/ESP traffic.
  • All multicast traffic.
  • All fragmented traffic.
  • All traffic with IP options.
  • RST packets, when the "Spoofed Reset Protection" feature is activated.
  • When using ClusterXL in Load Sharing mode with 'Sticky Decision Function'.
  • Traffic that violates stateful inspection paradigm, or that is suspected to be spoofed.
  • IPv6 traffic

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the Source Port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the Security Gateway's kernel, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

There are several conditions that will prevent a template from being created:

  • Connections that cannot be discriminated ONLY by the source port cannot be templated.
  • NATed traffic cannot be templated.
  • VPN traffic cannot be templated.
  • Complex connections (FTP, H323, etc.) cannot be templated.
  • Non-TCP/Non-UDP traffic cannot be templated.
  • The following rules will prevent a Connection Template from being created. All subsequent rules below such rules will not be templated as well, regardless of the rule. It is advised that all rules that can be templated, be placed at the top of the rule base (unless of course, this will violate other optimization considerations):
    • Rule with service 'Any'
    • Rule with a service that has a 'handler' (where a specific protocol is chosen in 'Protocol Type' field - instead of 'None' ; go to service object - right-click - Edit... - Advanced... - Protocol Type:).
    • Rules with the following objects:
      • Time object
      • Port range object
      • Dynamic object
    • Rules with "complex" services (i.e., services that have anything specified in the "Match" field, or "Enable reply from any port" of their "Advanced" section or Source Port is defined).
    • Rules with RPC/DCOM/DCE-RPC services.
    • Rules with Client Authentication or Session Authentication.
    • When SYN Defender or Small PMTU features are activated in SmartDefense/IPS
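The ordering rule above can be checked mechanically. The following added example (not Check Point code and not from the original post) walks a rule base top-down and reports the first rule that stops template creation, plus the rules below it that lose templating only because of their position. The `Rule` fields and the sample rule base are hypothetical.

```python
from dataclasses import dataclass


# Hypothetical rule model: field names are illustrative, not a Check Point export format.
@dataclass
class Rule:
    number: int
    service: str                   # service object name, or "Any"
    protocol_type: str = "None"    # 'Protocol Type' in the service's Advanced dialog
    object_kinds: tuple = ()       # kinds of objects used in the rule, e.g. ("time",)
    complex_service: bool = False  # Match field, reply from any port, or source port set
    rpc_service: bool = False      # RPC / DCOM / DCE-RPC service
    auth: str = ""                 # "client" or "session" for authentication rules


BLOCKING_OBJECT_KINDS = ("time", "port_range", "dynamic")


def blockers(rule):
    """Return the reasons, taken from the list above, why this rule stops templating."""
    reasons = []
    if rule.service.lower() == "any":
        reasons.append("service 'Any'")
    if rule.protocol_type != "None":
        reasons.append("service with handler (Protocol Type: %s)" % rule.protocol_type)
    for kind in rule.object_kinds:
        if kind in BLOCKING_OBJECT_KINDS:
            reasons.append("%s object" % kind)
    if rule.complex_service:
        reasons.append("complex service")
    if rule.rpc_service:
        reasons.append("RPC/DCOM/DCE-RPC service")
    if rule.auth in ("client", "session"):
        reasons.append("%s authentication" % rule.auth)
    return reasons


def analyze(rulebase):
    """Walk the rule base top-down.

    Returns (number of the first blocking rule or None, per-rule report).
    Status values: 'templated', 'disables-templates' (the first blocker),
    'not-templated' (below the blocker and has a blocker of its own) and
    'lost-by-position' (would be templated if it sat above the blocker).
    """
    first_blocker, report = None, []
    for rule in rulebase:
        reasons = blockers(rule)
        if first_blocker is None:
            if reasons:
                first_blocker, status = rule.number, "disables-templates"
            else:
                status = "templated"
        else:
            status = "not-templated" if reasons else "lost-by-position"
        report.append((rule.number, status, reasons))
    return first_blocker, report


def lost_by_position(report):
    """Rule numbers that are candidates for moving above the first blocker."""
    return [number for number, status, _ in report if status == "lost-by-position"]


# Constructed sample rule base.
SAMPLE = [
    Rule(1, "http"),
    Rule(2, "domain-udp"),
    Rule(3, "ftp", protocol_type="FTP"),
    Rule(4, "https"),
    Rule(5, "smtp", object_kinds=("time",)),
    Rule(6, "Any"),
]

if __name__ == "__main__":
    blocker, report = analyze(SAMPLE)
    for number, status, reasons in report:
        print(number, status, "; ".join(reasons))
    print("templates stop at rule", blocker,
          "- candidates to move up:", lost_by_position(report))
```

Moving a rule changes which traffic it matches first, so treat the reported candidates as a review list and not as an automatic reorder.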

Sunday, December 18, 2011

Checkpoint : Memory

Hmem failures mean that the hmem is full. This is not a real memory problem, but indicates a configuration problem. If a low hmem limit was configured, it leads to improper usage of the OS memory.

Possible reasons for smem failures are: smem reached its limit, exhausted the OS memory, or large non-sleep allocations. This can indicate some memory shortage.

Failed allocations mean that some applications did not get memory. This is usually an indication of a memory problem. The most common memory problem is memory shortage. Memory shortage sometimes indicates a memory leak. In order to troubleshoot memory shortage, stop the load and let connections close.

In case memory consumption went back to normal, you are not dealing with a memory leak. Such shortage might happen when traffic volumes are too high for the device capacity. If the memory shortage happens after a change in the system or the environment, undo the change, and check whether kmem memory consumption goes down.

Checkpoint : Delete old log files on SPLAT machines

There is no way to configure your SPLAT box or UTM-1 appliance so that only the logs for the last X days are kept.

The only work-around would be to configure on the firewall object -> Logs and Masters -> Required Free Disc Space together with the option Do not delete log files from the last X days.

By configuring a very high value for required free disc space you could have the script run every day and with the other option prevent it from deleting the needed logs.

OR – you could implement a short script:

[Expert@fw1]# cat /usr/bin/


/usr/bin/find /var/log/opt/CPsuite-R65/fw1/*.log* -ctime +217 -print -exec rm -f {} \;

The -ctime parameter is the number of days of logs to keep.

Run the script with cron:

[Expert@fw1]# crontab -l

# DO NOT EDIT THIS FILE - edit the master and reinstall.

# (/tmp/crontab.19431 installed on Mon May 10 10:21:33 2010)

# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)

42 11 * * * /usr/bin/

50 2 * * 1,2,3,4,5,6,7 backup_util sched

Now you’re able to delete the old logs as you like. If you backup your firewall or SmartCenter to your local disc, maybe you want to do this with your backups, too?

Friday, December 16, 2011

Checkpoint - SecureXL

When SecureXL is enabled, all traffic that matches following conditions will not be accelerated:

* The first packets of any new TCP session, unless a "template" exists.
* The first packet of any new UDP session.
* All traffic that matches a service that uses a resource.
* All traffic that matches a service that is inspected by a SmartDefense or Web Intelligence feature.
* All traffic that is supposed to be dropped or rejected, according to the rule base.
* All traffic that matches a rule, whose source or destination is the gateway itself.
* All traffic that matches a rule with a security server.
* All traffic that matches a rule with user authentication or session authentication.
* Non-TCP/UDP/GRE/ESP traffic (e.g. ICMP, IGRP, etc.)
* All multicast traffic (prior to IPSO-3.9). IPSO-3.9 has support for Multicast PIM acceleration for IP225x. IPSO-4.2 supports Multicast PIM acceleration for all Nokia platforms.
* All fragmented traffic.
* All traffic with IP options.
* RST packets, when the "Spoofed Reset Protection" feature is activated.
* Traffic that violates stateful inspection paradigm or that is suspected to be spoofed.
* Rules where the service has an INSPECT handler (e.g. FTP control connection)
* Rules with action "encrypt" with no VPN H/W Accelerator card.
* All VoIP traffic
* All VPN traffic with IP Compression enabled.
* All directed broadcast traff

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the source port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the security gateway, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

Conditions that will prevent a template from being created:

* All connections that cannot be discriminated ONLY by the source port.
* Traffic subject to NAT.
* VPN traffic.
* Non-trivial TCP/UDP connections (FTP, H323, etc.).
* Non-TCP/UDP traffic.

Thursday, December 8, 2011

FTP : Active/Passive Modes


Two types - Active and Passive

Passive : Client will always initiate the connection

1. Client:Highport -> Server:21
2. Server will reply with a high-end port (>1023) in PORT command
3. Client:Highport -> Server:Highport (the one the server replied with in the PORT command)
4. Server will ACK the 3rd step

Passive FTP :

command : client >1023 -> server 21
data : client >1023 -> server >1023

Active : Both Client and Server initiate connections

1. Client:Highport -> Server:21 and issues PORT command with (Highport+1), say 1024+1=1025, to connect back
2. Server:21 -> Client:Highport :- Server ACKs the connection
3. Server:20 -> Client:Highport+1 (the one mentioned in the port command in step 2)
4. Client:Highport+1 -> Server:20 :- Client sends ACK to Server

Active FTP :

command : client >1023 -> server 21
data : client >(1023+1) <- server 20
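To see why a stateful firewall has to read the FTP control channel, the added example below (not from the original post) decodes the port announcement on the control connection and derives the data connection that must be allowed: who initiates it, and to which address and port. It goes slightly beyond the notes above by also checking that the announced address equals the control-connection peer and that the port is above 1023, as FTP inspection typically does. The IP addresses and control lines are constructed samples.

```python
import re


def parse_hostport(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("not an h1,h2,h3,h4,p1,p2 argument: %r" % arg)
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % arg)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(client_ip, server_ip, control_line):
    """Derive the expected data connection from one control-channel line.

    control_line is either the client's 'PORT ...' command (active mode) or
    the server's '227 ...' reply to PASV (passive mode).
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        ip, port = parse_hostport(line[5:])
        return {
            "mode": "active",
            "initiator": "server",
            "src": (server_ip, 20),      # server connects from its data port 20
            "dst": (ip, port),
            "address_matches_peer": ip == client_ip,
            "port_above_1023": port > 1023,
        }
    if line.startswith("227"):
        match = re.search(r"\d+(?:\s*,\s*\d+){5}", line[3:])
        if not match:
            raise ValueError("no host/port in 227 reply: %r" % control_line)
        ip, port = parse_hostport(match.group(0))
        return {
            "mode": "passive",
            "initiator": "client",
            "src": (client_ip, None),    # None: any ephemeral client port
            "dst": (ip, port),
            "address_matches_peer": ip == server_ip,
            "port_above_1023": port > 1023,
        }
    raise ValueError("not a PORT command or 227 reply: %r" % control_line)


if __name__ == "__main__":
    # Constructed control-channel lines (documentation address ranges).
    client, server = "192.0.2.10", "198.51.100.5"
    for sample in ("PORT 192,0,2,10,4,1",
                   "227 Entering Passive Mode (198,51,100,5,195,80)"):
        print(sample, "->", data_channel(client, server, sample))
```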

Tuesday, December 6, 2011


Just ssh to the IP that you configured for the iLO

admin@shellcore:~ $ ssh admin@
admin@′s password:
User: admin logged-in to ILO_TESTLABHP.(
iLO 2 Advanced Evaluation 1.81 at
Server Name: proliant_g5
Server Power: On


Since I will access through a text terminal, Linux is configured to use the serial port (configured through the file /boot/grub/grub.conf)

hpiLO-> help


help : Used to get context sensitive help.
show : Used to show values of a property or contents of a collection target.
create : Used to create new user account in the name space of the MAP.
Example: create /map1/accounts1 username= password=

delete : Used to delete user account in the name space of the MAP.
Example: delete /map1/accounts1/

load : Used to move a binary image from an URL to the MAP. The URL is
limited to 80 characters
Example : load -source

reset : Used to cause a target to cycle from enabled to disabled and back to

set : Used to set a property or set of properties to a specific value.
start : Used to cause a target to change state to a higher run level.
stop : Used to cause a target to change state to a lower run level.
cd : Used to set the current default target.
Example: cd targetname

exit : Used to terminate the CLP session.
version : Used to query the version of the CLP implementation or other CLP

oemhp_ping : Used to determine if an IP address is reachable from this iLO 2.
Example : oemhp_ping , where is the IP address that you wish
to ping

oemhp_loadSSHKey : Used to authorize a SSH Key File from an URL The URL is
limited to 80 characters
Example : oemhp_loadSSHKey -source http://UserName:password@

HP CLI Commands:

POWER : Control server power.
UID : Control Unit-ID light.
NMI : Generate an NMI.
VM : Virtual media commands.
VSP : Invoke virtual serial port.

Type VSP and you’re in. To login as root you need to include the serial port (in this case ttyS1) on your /etc/securetty file or you will be given the error message that your user or password is wrong.

hpiLO-> VSP

Starting virtual serial port.
Press ‘ESC (‘ to return to the CLI Session.

hpiLO-> Virtual Serial Port active: IO=0x02F8 INT=3

login as:

To exit, press Esc and then ( – left parenthesis

Checkpoint : SNMP Support : cpsnmpd

Currently, cpsnmpd only supports SNMP version 1, as shown in the last line of /var/etc/snmpd.conf:
proxy -v 1 -p 260 -c public localhost .

The Check Point SNMP daemon (cpsnmpd) process is bound to port 260 (as opposed to the default port 161). cpsnmpd can be enabled via cpconfig [select 'SNMP Extensions'] or with the $FWDIR/bin/cpsnmpd -p 260 command. Since IPSO 3.1, IPSO is able to act as a proxy to poll the Check Point MIBs, i.e. a user can poll the Check Point MIB via port 161.

The following shows the output of snmp polling on port 260 using snmp version 1 & 2c. 'public' was used as snmp community name.

SNMP polling was successful when SNMP version 1 was used

[root@linux root]# snmpwalk -v 1 -c public -On .

. = STRING: "Standard"

[root@linux root]#

SNMP polling failed when SNMP version 2c was used

[root@linux root]# snmpwalk -v 2c -c public -On .

Timeout: No Response from

[root@linux root]#

SNMP polling using v2c without port 260 was successful

[root@linux root]# snmpwalk -v 2c -c public .

SNMPv2-SMI::enterprises.2620. = STRING: "Standard"

[root@linux root]#

Monitoring Checkpoint Firewalls with SNMP

I've been doing some work for a client with Checkpoint Firewalls (running Secure Platform, or SPLAT), and wanted to monitor them using SNMP. The two main reasons being:

1. To graph Accepted/Dropped/Rejected packets over time and

2. To poll the Firewalls for status using 3rd party management tools like "Whats Up Gold" and "BMC Patrol".

So a brief summary of what I had to do to get it to work correctly:

1. Enable SNMPD
chkconfig snmpd on
service snmpd start

2. Edit /etc/snmp/snmpd.conf
Add "rocommunity NotPublicCommunityString"
Add "proxy -v1 -c public ."

3. Edit $FWDIR/conf/snmp.C

Add:
:snmp_community (
    :read ("public")
)

4. Run cpconfig, and enable the cpsnmpd extension

5. Add required security rule to permit access to the firewall from the management server(s) (SNMP-UDP/161) (You don't need to permit access to cpsnmpd-UDP/260)

Following these changes you should be able to do a 'netstat -an' and see the cpsnmpd listening on :260, and perform a local snmp check:
snmpwalk -v1 -c public localhost

Gotchas to note:

1. The local snmpwalk above uses the "public" string - the one in snmp.C - NOT the one in snmpd.conf

2. snmpwalk from a remote host uses the "NotPublicCommunityString" - not "public"

3. snmpwalk locally (and maybe remotely) using just the OID causes the cpsnmpd process to die (need to restart it using '$CPDIR/bin/cpsnmpd -p 260' or cpstop, cpstart)

Once the above are done the management servers can query the enforcement module for Checkpoint SNMP OIDs, such as accepted packets, dropped packets and Checkpoint OS OIDs like CPU usage (accurate), memory usage etc. These queries go to the Firewall on UDP/161 and internally the snmpd process proxies the snmp request for OID . (checkpoint) to the cpsnmpd process on UDP/260.

This happens by default in Nokia IPSO, but not on SecurePlatform.
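The two-community setup described above (one string for remote pollers on UDP/161, `public` only between snmpd and cpsnmpd on UDP/260) is easy to get wrong. As an added example, not part of the original post, the script below parses `rocommunity`, `rwcommunity` and `proxy` lines from an snmpd.conf and flags default community strings, missing source restrictions, a proxy community that is also accepted from remote hosts, and a proxy target that is not loopback. The sample configurations, the management-server address and the finding names are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
LOOPBACK = {"localhost", "127.0.0.1"}


def parse_proxy(args):
    """Split 'proxy [options] HOST OID' arguments into a dict."""
    opts, positional, i = {}, [], 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("-") and len(arg) >= 2:
            # '-Cn CONTEXT' is a two-letter flag; other flags may be '-v1' or '-v 1'.
            flag, value = (arg, "") if arg == "-Cn" else (arg[:2], arg[2:])
            if not value and i + 1 < len(args):
                i += 1
                value = args[i]
            opts[flag] = value
        else:
            positional.append(arg)
        i += 1
    return {
        "version": opts.get("-v"),
        "community": opts.get("-c"),
        "host": positional[0] if positional else None,
        "oid": positional[1] if len(positional) > 1 else None,
    }


def parse_snmpd_conf(text):
    """Return (communities, proxies) found in net-snmp snmpd.conf text."""
    communities, proxies = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = shlex.split(line)
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in ("rocommunity", "rwcommunity") and args:
            communities.append({
                "access": directive[:2],
                "community": args[0],
                # With no SOURCE argument snmpd accepts the string from any host.
                "source": args[1] if len(args) > 1 else "default",
            })
        elif directive == "proxy":
            proxies.append(parse_proxy(args))
    return communities, proxies


def audit(text):
    """Return a list of (finding, subject) tuples for the given snmpd.conf text."""
    communities, proxies = parse_snmpd_conf(text)
    findings = []
    for c in communities:
        if c["community"].lower() in DEFAULT_COMMUNITIES:
            findings.append(("default-community", c["community"]))
        if c["source"] in ("default", "0.0.0.0/0"):
            findings.append(("no-source-restriction", c["community"]))
        if c["access"] == "rw":
            findings.append(("write-access", c["community"]))
    external = {c["community"] for c in communities}
    for p in proxies:
        if p["community"] in external:
            findings.append(("proxy-community-exposed", p["community"]))
        host = (p["host"] or "").rsplit(":", 1)[0]
        if host not in LOOPBACK:
            findings.append(("proxy-not-loopback", p["host"]))
    return findings


# Constructed samples. AS_DESCRIBED mirrors the setup in the post; the OID is
# enterprises.2620 written numerically, 192.0.2.50 stands for a management server.
AS_DESCRIBED = """
rocommunity NotPublicCommunityString
proxy -v1 -c public localhost:260 .1.3.6.1.4.1.2620
"""
WEAK = """
rocommunity public
proxy -v 1 -c public 192.0.2.10:260 .1.3.6.1.4.1.2620
"""
RESTRICTED = """
rocommunity NotPublicCommunityString 192.0.2.50   # management server only
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
"""

if __name__ == "__main__":
    for name, conf in (("as described", AS_DESCRIBED), ("weak", WEAK),
                       ("restricted", RESTRICTED)):
        print(name, "->", audit(conf))
```

With no source restriction on `rocommunity`, the security rule from step 5 is the only thing limiting who can poll UDP/161, which is why the setup as described still produces one finding.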

Some good OIDs to Graph:

Active Real Memory .
Total Real Memory .
Packets accepted .
Packets dropped .
Packets rejected .
Packets logged .
Current connections .
Processor (System) .
Processor (User) .

And good OIDs to monitor for status:
Firewall Module State (Installed) .
Processor Usage .

Useful Links:

Cacti - An excellent (+free) web front end to MRTG/RRD-Tool

Cacti Templates Index - Although the supplied Checkpoint/Nokia ones didn't work for me without customisation. I created some more graphs and data sources using the above OIDs.

What's Up Gold - The new version is very nice. Excellent Web based multi-user UI.

Checkpoint : SNMP OID

Object Name
checkpoint
products
fw
fwModuleState
fwProduct
fwEvent
fwFilterName
fwProdName
fwVerMajor
fwVerMinor
fwKernelBuild
fwPolicyStat
fwPolicyName
fwInstallTime
fwNumConn
fwPeakNumConn
fwIfTable
fwIfEntry
fwIfIndex
fwDropPcktsOut
fwRejectPcktsIn
fwRejectPcktsOut
fwLogIn
fwLogOut
fwIfName
fwAcceptPcktsIn
fwAcceptPcktsOut
fwAcceptBytesIn
fwAcceptBytesOut
fwDropPcktsIn
fwPerfStat
fwHmem
fwHmem-block-size
fwHmem-maximum-pools
fwHmem-bytes-used
fwHmem-blocks-used
fwHmem-bytes-unused
fwHmem-blocks-unused
fwHmem-bytes-peak
fwHmem-blocks-peak
fwHmem-bytes-internal-use
fwHmem-number-of-items
fwHmem-alloc-operations
fwHmem-requested-bytes
fwHmem-free-operations
fwHmem-failed-alloc
fwHmem-failed-free
fwHmem-initial-allocated-bytes
fwHmem-initial-allocated-blocks
fwHmem-initial-allocated-pools
fwHmem-current-allocated-bytes
fwHmem-current-allocated-blocks
fwHmem-current-allocated-pools
fwHmem-maximum-bytes
fwKmem
fwKmem-system-physical-mem
fwKmem-non-blocking-bytes-peak
fwKmem-bytes-internal-use
fwKmem-number-of-items
fwKmem-alloc-operations
fwKmem-free-operations
fwKmem-failed-alloc
fwKmem-failed-free
fwKmem-available-physical-mem
fwKmem-aix-heap-size
fwKmem-bytes-used
fwKmem-blocking-bytes-used
fwKmem-non-blocking-bytes-used
fwKmem-bytes-unused
fwKmem-bytes-peak
fwKmem-blocking-bytes-peak
fwInspect
fwInspect-packets
fwInspect-operations
fwInspect-lookups
fwInspect-record
fwInspect-extract
fwCookies
fwCookies-total
fwCookies-allocfwCookies-total
fwCookies-freefwCookies-total
fwCookies-dupfwCookies-total
fwCookies-getfwCookies-total
fwCookies-putfwCookies-total
fwCookies-lenfwCookies-total
fwChains
fwChains-alloc
fwChains-free
fwFragments
fwFrag-fragments
fwFrag-expired
fwFrag-packets
fwUfp
fwUfpHitRatio
fwUfpInspected
fwUfpHits
fwSS
fwSS-http
fwSS-http-pid
fwSS-http-sess-curr
fwSS-http-sess-count
fwSS-http-auth-sess-max
fwSS-http-auth-sess-curr
fwSS-http-auth-sess-count
fwSS-http-accepted-sess
fwSS-http-rejected-sess
fwSS-http-auth-failures
fwSS-http-ops-cvp-sess-max
fwSS-http-ops-cvp-sess-curr
fwSS-http-proto
fwSS-http-ops-cvp-sess-count
fwSS-http-ops-cvp-rej-sess
fwSS-http-ssl-encryp-sess-max
fwSS-http-ssl-encryp-sess-curr
fwSS-http-ssl-encryp-sess-count
fwSS-http-transp-sess-max
fwSS-http-transp-sess-curr
fwSS-http-transp-sess-count
fwSS-http-proxied-sess-max
fwSS-http-proxied-sess-curr
fwSS-http-port
fwSS-http-proxied-sess-count
fwSS-http-tunneled-sess-max
fwSS-http-tunneled-sess-curr
fwSS-http-tunneled-sess-count
fwSS-http-ftp-sess-max
fwSS-http-ftp-sess-curr
fwSS-http-ftp-sess-count
fwSS-http-time-stamp
fwSS-http-is-alive
fwSS-http-logical-port
fwSS-http-max-avail-socket
fwSS-http-socket-in-use-max
fwSS-http-socket-in-use-curr
fwSS-http-socket-in-use-count
fwSS-http-sess-max
fwSS-ftp
fwSS-ftp-pid
fwSS-ftp-sess-curr
fwSS-ftp-sess-count
fwSS-ftp-auth-sess-max
fwSS-ftp-auth-sess-curr
fwSS-ftp-auth-sess-count
fwSS-ftp-accepted-sess
fwSS-ftp-rejected-sess
fwSS-ftp-auth-failures
fwSS-ftp-ops-cvp-sess-max
fwSS-ftp-ops-cvp-sess-curr
fwSS-ftp-proto
fwSS-ftp-ops-cvp-sess-count
fwSS-ftp-ops-cvp-rej-sess
fwSS-ftp-time-stamp
fwSS-ftp-is-alive
fwSS-ftp-port
fwSS-ftp-logical-port
fwSS-ftp-max-avail-socket
fwSS-ftp-socket-in-use-max
fwSS-ftp-socket-in-use-curr
fwSS-ftp-socket-in-use-count
fwSS-ftp-sess-max
fwSS-telnet
fwSS-telnet-pid
fwSS-telnet-sess-curr
fwSS-telnet-sess-count
fwSS-telnet-auth-sess-max
fwSS-telnet-auth-sess-curr
fwSS-telnet-auth-sess-count
fwSS-telnet-accepted-sess
fwSS-telnet-rejected-sess
fwSS-telnet-auth-failures
fwSS-telnet-time-stamp
fwSS-telnet-is-alive
fwSS-telnet-proto
fwSS-telnet-port
fwSS-telnet-logical-port
fwSS-telnet-max-avail-socket
fwSS-telnet-socket-in-use-max
fwSS-telnet-socket-in-use-curr
fwSS-telnet-socket-in-use-count
fwSS-telnet-sess-max
fwSS-rlogin
fwSS-rlogin-pid
fwSS-rlogin-sess-curr
fwSS-rlogin-sess-count
fwSS-rlogin-auth-sess-max
fwSS-rlogin-auth-sess-curr
fwSS-rlogin-auth-sess-count
fwSS-rlogin-accepted-sess
fwSS-rlogin-rejected-sess
fwSS-rlogin-auth-failures
fwSS-rlogin-time-stamp
fwSS-rlogin-is-alive
fwSS-rlogin-proto
fwSS-rlogin-port
fwSS-rlogin-logical-port
fwSS-rlogin-max-avail-socket
fwSS-rlogin-socket-in-use-max
fwSS-rlogin-socket-in-use-curr
fwSS-rlogin-socket-in-use-count
fwSS-rlogin-sess-max
fwSS-ufp
fwSS-ufp-ops-ufp-sess-max
fwSS-ufp-ops-ufp-sess-curr
fwSS-ufp-ops-ufp-sess-count
fwSS-ufp-ops-ufp-rej-sess
fwSS-ufp-time-stamp
fwSS-ufp-is-alive
fwSS-smtp
fwSS-smtp-pid
fwSS-smtp-sess-curr
fwSS-smtp-sess-count
fwSS-smtp-auth-sess-max
fwSS-smtp-auth-sess-curr
fwSS-smtp-auth-sess-count
fwSS-smtp-accepted-sess
fwSS-smtp-rejected-sess
fwSS-smtp-auth-failures
fwSS-smtp-mail-max
fwSS-smtp-mail-curr
fwSS-smtp-proto
fwSS-smtp-mail-count
fwSS-smtp-outgoing-mail-max
fwSS-smtp-outgoing-mail-curr
fwSS-smtp-outgoing-mail-count
fwSS-smtp-max-mail-on-conn
fwSS-smtp-total-mails
fwSS-smtp-time-stamp
fwSS-smtp-is-alive
fwSS-smtp-port
fwSS-smtp-logical-port
fwSS-smtp-max-avail-socket
fwSS-smtp-socket-in-use-max
fwSS-smtp-socket-in-use-curr
fwSS-smtp-socket-in-use-count
fwSS-smtp-sess-max
fwFilterDate
fwAccepted
fwRejected
fwDropped
fwLogged
fwMajor
fwMinor
ls
lsProdName
lsStatCode
lsStatShortDescr
lsStatLongDescr
lsVerMajor
lsVerMinor
lsBuildNumber
lsFwmIsAlive
lsConnectedClientsTable
lsConnectedClientsEntry
lsIndex
lsClientName
lsClientHost
lsClientDbLock
lsApplicationType
vpn
cpvProdName
cpvIPsec
cpvTnlMon
cpvTnlMonEntry
cpvTnlMonAddr
cpvTnlMonStatus
cpvTnlMonCurrAddr
cpvVerMajor
cpvVerMinor
cpvGeneral
cpvStatistics
cpvEncPackets
cpvDecPackets
cpvErrors
cpvErrOut
cpvErrIn
cpvErrIke
cpvErrPolicy
cpvIpsec
cpvIPsecNIC
cpvIPsecNICsNum
cpvIPsecNICTotalDownLoadedSAs
cpvIPsecNICCurrDownLoadedSAs
cpvIPsecNICDecrBytes
cpvIPsecNICEncrBytes
cpvIPsecNICDecrPackets
cpvIPsecNICEncrPackets
cpvSaStatistics
cpvCurrEspSAsIn
cpvMaxConncurEspSAsOut
cpvMaxConncurAhSAsIn
cpvMaxConncurAhSAsOut
cpvTotalEspSAsIn
cpvCurrEspSAsOut
cpvTotalEspSAsOut
cpvCurrAhSAsIn
cpvTotalAhSAsIn
cpvCurrAhSAsOut
cpvTotalAhSAsOut
cpvMaxConncurEspSAsIn
cpvSaErrors
cpvSaDecrErr
cpvSaAuthErr
cpvSaReplayErr
cpvSaPolicyErr
cpvSaOtherErrIn
cpvSaOtherErrOut
cpvSaUnknownSpiErr
cpvIpsecStatistics
cpvIpsecUdpEspEncPkts
cpvIpsecDecomprPkts
cpvIpsecDecomprErr
cpvIpsecComprBytesBefore
cpvIpsecComprBytesAfter
cpvIpsecComprOverhead
cpvIpsecNonCompressibleBytes
cpvIpsecCompressiblePkts
cpvIpsecNonCompressiblePkts
cpvIpsecComprErrors
cpvIpsecEspEncBytes
cpvIpsecUdpEspDecPkts
cpvIpsecEspDecBytes
cpvIpsecAhEncPkts
cpvIpsecAhDecPkts
cpvIpsecEspEncPkts
cpvIpsecEspDecPkts
cpvIpsecDecomprBytesBefore
cpvIpsecDecomprBytesAfter
cpvIpsecDecomprOverhead
cpvFwz
cpvFwzStatistics
cpvFwzEncapsEncPkts
cpvFwzEncapsDecPkts
cpvFwzEncPkts
cpvFwzDecPkts
cpvFwzErrors
cpvFwzEncapsEncErrs
cpvFwzEncapsDecErrs
cpvFwzEncErrs
cpvFwzDecErrs
cpvAccelerator
cpvHwAccelGeneral
cpvHwAccelVendor
cpvHwAccelStatus
cpvHwAccelDriverMajorVer
cpvHwAccelDriverMinorVer
cpvHwAccelStatistics
cpvHwAccelEspEncPkts
cpvHwAccelEspDecPkts
cpvHwAccelEspEncBytes
cpvHwAccelEspDecBytes
cpvHwAccelAhEncPkts
cpvHwAccelAhDecPkts
cpvHwAccelAhEncBytes
cpvHwAccelAhDecBytes
cpvIKE
cpvIKEglobals
cpvIKECurrSAs
cpvIKEMaxConncurSAs
cpvIKEMaxConncurInitSAs
cpvIKEMaxConncurRespSAs
cpvIKECurrInitSAs
cpvIKECurrRespSAs
cpvIKETotalSAs
cpvIKETotalInitSAs
cpvIKETotalRespSAs
cpvIKETotalSAsAttempts
cpvIKETotalSAsInitAttempts
cpvIKETotalSAsRespAttempts
cpvIKEerrors
cpvIKETotalFailuresInit
cpvIKENoResp
cpvIKETotalFailuresResp
fg
fgProdName
fgVerMajor
fgVerMinor
fgVersionString
fgModuleKernelBuild
fgStrPolicyName
fgInstallTime
fgNumInterfaces
fgIfTable
fgIfEntry
fgIfIndex
fgPendPcktsIn
fgPendPcktsOut
fgPendBytesIn
fgPendBytesOut
fgNumConnIn
fgNumConnOut
fgIfName
fgPolicyName
fgRateLimitIn
fgRateLimitOut
fgAvrRateIn
fgAvrRateOut
fgRetransPcktsIn
fgRetransPcktsOut
ha
haProdName
haProtoVersion
haStatCode
haStatShort
haStatLong
haWorkMode
haIfTable
haIfEntry
haIfIndex
haIfName
haIP
haStatus
haVerified
haTrusted
haShared
haProblemTable
haProblemEntry
haProblemIndex
haProblemName
haProblemStatus
haProblemPriority
haProblemVerified
haProblemDescr
haVersionSting
haInstalled
haVerMajor
haVerMinor
haStarted
haState
haBlockState
haIdentifier
haServicePack
svn
svnProdName
svnStatCode
svnStatShortDescr
svnStatLongDescr
svnProdVerMajor
svnProdVerMinor
svnInfo
svnVersion
svnBuild
svnOSInfo
osName
osMajorVer
osMinorVer
osBuildNum
osSPmajor
osSPminor
osVersionLevel
routingTable
routingEntry
routingIndex
routingDest
routingMask
routingGatweway
routingIntrfName
svnPerf
svnMem
memTotalVirtual
memActiveVirtual
memTotalReal
memActiveReal
memFreeReal
memSwapsSec
memDiskTransfers
svnProc
procUsrTime
procSysTime
procIdleTime
procUsage
procQueue
procInterrupts
procNum
svnDisk
diskTime
diskQueue
diskPercent
diskFreeTotal
diskFreeAvail
diskTotal
svnMem64
memTotalVirtual64
memActiveVirtual64
memTotalReal64
memActiveReal64
memFreeReal64
memSwapsSec64
memDiskTransfers64
svnServicePack
mngmt
mgProdName
mgStatCode
mgStatShortDescr
mgStatLongDescr
mgVerMajor
mgVerMinor
mgBuildNumber
mgActiveStatus
mgFwmIsAlive
mgConnectedClientsTable
mgConnectedClientsEntry
mgIndex
mgClientName
mgClientHost
mgClientDbLock
mgApplicationType
wam
wamProdName
wamStatCode
wamStatShortDescr
wamStatLongDescr
wamVerMajor
wamVerMinor
wamState
wamName
wamPluginPerformance
wamAcceptReq
wamRejectReq
wamPolicy
wamPolicyName
wamPolicyUpdate
wamUagQueries
wamUagHost
wamUagIp
wamUagPort
wamUagNoQueries
wamUagLastQuery
wamGlobalPerformance
wamOpenSessions
wamLastSession
dtps
dtpsProdName
dtpsStatCode
dtpsStatShortDescr
dtpsStatLongDescr
dtpsVerMajor
dtpsVerMinor
dtpsLicensedUsers
dtpsConnectedUsers