How Your Rulebase Is Converted to INSPECT
Your security policy is stored as a .W file on the management console as well as inside the rulebases_5_0.fws file. Your rulebase file contains all of the rules you have defined in the Security Policy Editor referencing network objects. Your objects_5_0.C file contains the definitions for the network objects referenced in your rulebase file as well as properties that further define your rulebase (the implicit rules). When you load a policy, the .W file is put through a compiler that takes the .W file along with your objects_5_0.C file (and other files) and creates a .pf (packet filter) file. This .pf file contains INSPECT code that represents your security policy as well as some familiar-looking compiler ...
Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.