Now that I have talked about how INSPECT works and how your rulebase translates to INSPECT code, I can show you some sample INSPECT code.
Exercise appropriate caution before implementing any of this code in a production network. This includes testing in a nonproduction environment to ensure the code does what you expect.
Check Point allows you to place custom INSPECT scripts in $FWDIR/lib/user.def. Check Point does not overwrite this file during an upgrade; therefore, it is the recommended location for any custom INSPECT code. All INSPECT changes should be done on the management console. A policy reinstall is required ...