Correct answer: A (i only)
fw worker acts between i and I, so if it droppes packet i will show the packet (as i is de facto in interface) and nothing will be shown on I (as fw worker will drop the packet before that).
As for the NAT - it occures after o and before O.
Not sure...
https://community.checkpoint.com/t5/General-Topics/Check-Point-Inspection-points-iIoO/td-p/34938
i -- Access Control policy layer evaluation -- I
So when it is dropped by policy will it be seen with I or not?
https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_NextGenSecurityGateway_Guide/Topics-FWG/CLI/fw-monitor.htm
-m I
Post-Inbound only (after the packet passes a Chain Module in the inbound direction)
The "passes" couldn't clarify if policy lookup = drop = pass or not pass chain module
So it could be i or i I
• Packet is seen at position 'i' but not anywhere after that – Means the Firewall is
dropping it or NAT has occurred and has changed the IP address or Port number.
• Packet is seen at positions 'i' and 'I' but not after that – The Firewall has accepted
the packet but the operating system probably could not route it. Check route table
on Security Gateway
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Angel123
1 year, 4 months agorabbirobert
1 year, 5 months agorabbirobert
1 year, 5 months agoNunci
1 year, 6 months agoshadow_89
1 year, 7 months agolalaliano
1 year, 8 months ago