What is a possible command to delete all of the SSH connections of a gateway?
What is a possible command to delete all of the SSH connections of a gateway?
The correct command to delete all SSH connections of a gateway is 'fw ctl conntab -x -dport=22'. The fw ctl conntab command can delete connection table entries, and the -x parameter is used for deletion. Additionally, the use of -dport=22 specifies that all connections on port 22 (SSH) should be deleted.
Kortex book (CCSE), page 227 "The fw ctl conntab can also be used to delete connection table entries with the -x parameter: fw ctl conntab-x -dport=22"
B is correct
C correct Answer A - Fw sam is for suspicious activity monitor B- Fw ctl conntab is only for showing connections and also doesn't have -x Flag or dport option D - fwaccel is for acceleration and also it doesn't have any of the options or flags mentioned C - Is the most suitable option since it has all the flags and 16 in hexadecimal is 22 (ssh) and as it mentioned on the following link this command is for advanced user and the flags -x -e should be used with careful https://sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_CLI_ReferenceGuide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_CLI_ReferenceGuide/208178
I think it's B. I tried this on my Gateway and it dropped my SSH connection. C is the command to delete a specific entry from the connections table using its Hex reference.
I would say C is correct. fw tab command lists -x as a possible parameter, fw ctl conntab does not. "-x [-e <Entry>] Deletes all entries or the specified entry from the specified kernel table." https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/FWG/fw-tab.htm
C is correct
B is correct
B is correct, Kortex book (CCSE), page 227
In a Check Point firewall environment, you can use the fw tab command to clear specific connections based on criteria. Command in Answer C is more specific as it targets the "connections" table and seems to use an entry (00000016) to clear a particular connection. The first command, on the other hand, attempts to clear connections with a destination port of 22 (SSH).
fw ctl conntab -x no info found in https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/FWG/fw-ctl-conntab.htm C is more suitable https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_CLI_ReferenceGuide/Topics-CLIG/FWG/fw-tab.htm -x [-e <Entry>] Deletes all entries or the specified entry from the specified kernel table. You can use this parameter only on the local Security Gateway.
I think the correct answer is C