0

In a Check Point firewall, can you please explain what occurs between the POSTIN (I) and PREOUT (o) inspection points?

AviD
Franko

1 Answer

1

Between the POSTIN (I) and PREOUT (o) inspection points most of the policy processing/routing is done.

So the question is actually what is not done between POSTIN (I) and PREOUT (o).

This includes (not a complete list, depends on version and implementation):

  • Packet sanity checks - IP options and state checking.
  • VPN decryption/encryption - Packets are decrypted before processing by rule base.
  • SecureXL processing – Packets are accelerated and may bypass POSTIN-PREOUT altogether if packets were already allowed through policy and traffic can be accelerated.

The iIoO are only the default inspection points. For a full list of the in/out chain running on your firewalls, run fw ctl chain from SPLAT.

Also see this old but still good reference document http://www.checkpoint.com/techsupport/downloads/html/ethereal/fw_monitor_rev1_01.pdf.

Hope this helps.

Bernie White
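To see where in the iIoO chain a packet stops, the answer above can be paired with a capture that records each inspection point. The following is an added example, not part of the original answer or Check Point tooling: it groups captured packet summaries by IP id and reports the last point each packet reached. The sample lines are constructed, and the one-line format (iface:point[len]: src -> dst (proto) len=N id=N) is an assumption modeled on fw monitor output.

```python
import re
from collections import defaultdict

# Constructed sample capture (assumed fw monitor-style one-line summaries).
SAMPLE = """\
eth0:i[60]: 10.1.1.10 -> 192.0.2.20 (TCP) len=60 id=4101
eth0:I[60]: 10.1.1.10 -> 192.0.2.20 (TCP) len=60 id=4101
eth1:o[60]: 10.1.1.10 -> 192.0.2.20 (TCP) len=60 id=4101
eth1:O[60]: 10.1.1.10 -> 192.0.2.20 (TCP) len=60 id=4101
eth0:i[60]: 10.1.1.11 -> 192.0.2.20 (TCP) len=60 id=4102
eth0:I[60]: 10.1.1.11 -> 192.0.2.20 (TCP) len=60 id=4102
eth0:i[60]: 10.1.1.12 -> 192.0.2.20 (TCP) len=60 id=4103
"""

LINE = re.compile(
    r"(?P<iface>[\w.\-]+):(?P<point>[iIoO])\s*\[\d+\]:\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+) \((?P<proto>\w+)\).*?\bid=(?P<id>\d+)"
)
ORDER = "iIoO"  # PREIN, POSTIN, PREOUT, POSTOUT

def trace(text):
    """Map IP id -> inspection points seen, written in chain order."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if m:  # lines that are not packet summaries are skipped
            seen[int(m["id"])].add(m["point"])
    return {pid: "".join(p for p in ORDER if p in pts)
            for pid, pts in seen.items()}

def classify(points):
    """Describe how far through the chain a packet was observed."""
    if points == ORDER:
        return "seen at all four points"
    if points == "iI":
        return "not seen after POSTIN (I)"
    if points == "i":
        return "not seen after PREIN (i)"
    return "partial: " + points

def report(text):
    return {pid: classify(pts) for pid, pts in trace(text).items()}

if __name__ == "__main__":
    for pid, verdict in report(SAMPLE).items():
        print(pid, verdict)
```

A packet reported as "not seen after POSTIN (I)" ended somewhere in the processing the answer lists between I and o. As the answer notes, accelerated traffic may bypass these points, so a packet missing from the capture entirely is not by itself evidence of a drop.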