How to Enable TCP Options in Checkpoint Firewall.

Process document for enabling TCP options on Checkpoint Firewall.

Issue: A Checkpoint Security Gateway drops TCP/UDP packets that carry IP options. In certain environments, traffic passing through Checkpoint Security Gateways may contain IP options, and it may be necessary to allow these packets to pass.
To allow packets with IP options through the Security Gateway, the configuration on the Security Management Server has to be changed manually.

Action Plan:
1.    Open the table.def file on the Checkpoint Management Server. The configuration change is made manually in this file.
Path: C:\Windows\FW1\R77\fw1\lib  -> table.def file
2.    Extract the protocol number and IP option number of the dropped packets. To allow an IP option for all protocols, add the IP option number of the dropped packet inside the brackets, in decimal format.

allowed_ip_options = { <148> };
allowed_ip_options = { <148>, <24>, <25>, <26>, <27>, <28>, <29>, <30>, <31> };

The allowed_ipopts_proto table (each entry pairs a protocol number with an IP option number):

allowed_ipopts_proto = {
    <2, 148>,
    <6, 24>,
    <6, 25>,
    <6, 26>,
    <6, 27>,
    <6, 28>,
    <6, 29>,
    <6, 30>,
    <6, 31>,
    <103, 148>
};

3.    Connect with SmartDashboard to Security Management Server.

4.    Install the policy onto security gateway.

5.    Verify that changes were accepted by the security gateway.

Check the allowed_ip_options table

[Expert@GW]# fw tab -t allowed_ip_options

Check the allowed_ipopts_proto table

[Expert@GW]# fw tab -t allowed_ipopts_proto
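
The lookup in step 2, as an added example (not from the original post or from the vendor): it reads the protocol number and the IP option type bytes from raw IPv4 headers and renders them as decimal entries in the two table formats shown above. The sample headers are constructed, and how the dropped packets were captured is left as an assumption.

```python
# Added example: IPv4 header -> table.def entries. Sample headers are constructed.
IGMP_RA = bytes.fromhex("46c00020 00004000 01020000 c0000201 e0000001 94040000")
TCP_OPT = bytes.fromhex("47000030 00004000 40060000 c0000201 c633640a 01180400 00000000")

def ip_options(header: bytes):
    """Return (protocol number, [option type bytes]) for one raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(header) < ihl:
        raise ValueError("invalid or truncated header length")
    proto, opts, i = header[9], [], 20    # options start after the fixed 20 bytes
    while i < ihl:
        otype = header[i]                 # full type byte (copy flag + class + number)
        if otype == 0:                    # End of Option List: the rest is padding
            break
        if otype == 1:                    # No-Operation: single byte, no length
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("option without a length byte")
        olen = header[i + 1]
        if olen < 2 or i + olen > ihl:
            raise ValueError("option length runs outside the header")
        opts.append(otype)
        i += olen
    return proto, opts

def table_def_lines(headers):
    """Render both tables in the page's format from the observed headers."""
    pairs = set()
    for h in headers:
        proto, opts = ip_options(h)
        pairs.update((proto, o) for o in opts)
    all_opts = ", ".join(f"<{o}>" for o in sorted({o for _, o in pairs}))
    rows = ",\n".join(f"    <{p}, {o}>" for p, o in sorted(pairs))
    return (f"allowed_ip_options = {{ {all_opts} }};",
            f"allowed_ipopts_proto = {{\n{rows}\n}};")

if __name__ == "__main__":
    for line in table_def_lines([IGMP_RA, TCP_OPT]):
        print(line)
```

Entries in allowed_ipopts_proto admit an option only for the listed protocol, so only the pairs actually observed in dropped traffic need to be added.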

