How Your Rulebase Is Converted to INSPECT

Your security policy is stored as a .W file on the management console as well as inside the rulebases_5_0.fws file. Your rulebase file contains all of the rules you have defined in the Security Policy Editor referencing network objects. Your objects_5_0.C file contains the definitions for the network objects referenced in your rulebase file as well as properties that further define your rulebase (the implicit rules). When you load a policy, the .W file is put through a compiler that takes the .W file along with your objects_5_0.C file (and other files) and creates a .pf (packet filter) file. This .pf file contains INSPECT code that represents your security policy as well as some familiar-looking compiler ...

Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.