
CheckPoint Exam 156-587 Topic 5 Question 14 Discussion

Actual exam question for CheckPoint's 156-587 exam
Question #: 14
Topic #: 5

You need to monitor traffic pre-inbound and before the VPN module in a Security Gateway. How would you achieve this using fw monitor?

Suggested Answer: B

The fw monitor command is a powerful troubleshooting tool in Check Point Gateways that captures packets at various points in the processing chain. The question asks how to capture traffic pre-inbound (before inbound processing, i.e., at the "i" inspection point) and before the VPN module (before VPN decryption or processing).

The fw monitor syntax allows specifying inspection points using options like -pi (pre-inbound) and module names (e.g., -vpn for the VPN module). The correct syntax to capture traffic before a specific module is -pi -<module>, where the module name is prefixed with a minus sign to indicate "before" the module.

Option A: Incorrect. fw monitor -p all captures packets at all inspection points in the chain, which includes pre-inbound, post-inbound, pre-outbound, and post-outbound points, as well as points around all modules. This is too broad and does not specifically target pre-inbound and before the VPN module.

Option B: Correct. fw monitor -pi -vpn captures packets at the pre-inbound inspection point ("i") and before the VPN module (-vpn). The -pi specifies the pre-inbound point, and -vpn ensures the capture occurs before VPN processing (e.g., decryption).

Option C: Incorrect. fw monitor -pi +vpn would capture packets at the pre-inbound point but after the VPN module (+vpn indicates after the module), which contradicts the requirement to capture before the VPN module.

Option D: Incorrect. This option is a duplicate of Option C in the provided question, likely a typographical error. Even if corrected, +vpn is incorrect for the same reason as Option C.


The Check Point R81.20 Gaia Administration Guide explains the fw monitor command and its options, including how to specify inspection points and module positions. The CCTE R81.20 course includes hands-on labs for using fw monitor to troubleshoot packet flow, emphasizing precise inspection point selection.

For precise details, refer to:

Check Point R81.20 Gaia Administration Guide, section on "fw monitor" (available via Check Point Support Center).

CCTE R81.20 Courseware, which covers advanced packet capture techniques with fw monitor (available through authorized training partners).

Contribute your Thoughts:

Roslyn
3 days ago
Why do you think C is the correct answer?
upvoted 0 times
...
Quinn
4 days ago
I disagree, I believe the correct answer is C) fw monitor -pi +vpn.
upvoted 0 times
...
Roslyn
14 days ago
I think the answer is A) fw monitor -p all.
upvoted 0 times
...
