fw ctl or checkpoint tables by any other name


Today I want to draw your attention to often overlooked information source – Checkpoint state tables. While running, the firewall creates, keeps and updates various tables it needs for correct functioning. These tables contain parameters that are mostly of use for firewall itself, but you can query them on the cli, sometimes even flush them as well. To see all tables with its contents you type:
[Expert@Hollywood]# fw tab
To see only table names:
[Expert@Hollywood] fw tab | grep "-------"

-------- vsx_firewalled --------
-------- firewalled_list --------
-------- external_firewalled_list --------
-------- management_list --------
-------- external_management_list --------
-------- log_server_list --------
-------- tcp_services --------
-------- udp_services --------
-------- internal_interface_list --------
-------- topology_range_list --------
-------- gui_clients_list --------
-------- cp_NG_products_list --------
-------- smtp_av_user_config_match_tab --------
-------- smtp_av_scan_exclusion --------
-------- http_av_user_config_match_tab --------
-------- http_av_scan_exclusion --------
-------- pop3_av_user_config_match_tab --------
-------- pop3_av_scan_exclusion --------<!-- more -->
-------- aspam_unique_id --------
-------- aspam_directional_match_tab --------
-------- aspam_smtp_ip_match_tab_src --------
-------- aspam_pop3_ip_match_tab_src --------
-------- aspam_scan_all_traffic --------
-------- auth_rules_on_gw --------
-------- content_security_uf --------
-------- content_security_av --------
-------- content_security_aspam --------
-------- content_security_next_proxy --------
-------- cs_next_proxy_host --------
-------- cs_next_proxy_port --------
-------- module_content_security --------
-------- report_server_list --------
-------- smartPortal_server_list --------
-------- abacus_server_list --------
-------- event_analyzers_list --------
-------- ua_server_list --------
-------- ua_products_list --------
-------- rtm_list --------
-------- cvp_servers_list --------
-------- ufp_servers_list --------
-------- cpmi_clients_list --------
-------- radius_servers_list --------
-------- tacacs_servers_list --------
-------- ldap_servers_list --------
-------- NG_policy_server_list --------
-------- physical_servers_list --------
-------- load_servers_list --------
-------- drop_rejct_rules --------
-------- gsn_quota --------
-------- no_nat_comm_4 --------
-------- community_no_nat --------
-------- http_services --------
-------- ftp_services --------
-------- smtp_services --------
-------- pop3_services --------
-------- cifs_services --------
-------- dns_services --------
-------- sip_services --------
-------- mgcp_services --------
-------- dns_rand_servers --------
-------- aspam_wb_ip --------
-------- mgcp_cmd --------
-------- sip_method --------
-------- non_scv_hosts --------
-------- gtp_apn_params --------
-------- ssl_tunnels_excluded_services --------
-------- ssl_tunnels_excluded_clients --------
-------- syslg_relay_servers_list --------
-------- dcerpc_maps --------
-------- dcerpc_rmaps --------
-------- dcerpc_binds --------
-------- dcerpc_epm_requests --------
-------- dcerpc_map_ports --------
-------- dcerpc_udp_maps --------
-------- dcerpc_udp_rmaps --------
-------- dcerpc_udp_epm_requests --------
-------- dcerpc_udp_hpov_maps --------
-------- dcerpc_logs --------
-------- dcerpc_reply_any_port --------
-------- dcom_objects --------
-------- dcom_remote_activations --------
-------- dcom_call_ids --------
-------- dcom_high_port --------
-------- dcom_sysact_state --------
-------- compiled_cifs_resources --------
-------- userc_rules --------
-------- userc_bind --------
-------- userc_key --------
-------- userc_users --------
-------- userc_pending --------
-------- userc_slan --------
-------- userc_dtm_cache --------
-------- pending --------
-------- rpc_serv_hosts --------
-------- rpc_serv --------
-------- rpc_sessions --------
-------- pmap_req --------
-------- pmap_not_responding --------
-------- logged --------
-------- trapped --------
-------- check_alive --------
-------- auth_services --------
-------- client_auth --------
-------- client_was_auth --------
-------- autoclntauth_fold --------
-------- session_requests --------
-------- pending_session_requests --------
-------- sso_requests --------
-------- auth_status --------
-------- av_cache --------
-------- proxied_conns --------
-------- genufp_requests --------
-------- genufp_matched --------
-------- genufp_mismatched --------
-------- icmp_requests --------
-------- icmp_replies --------
-------- icmp_errors --------
-------- forbidden_tab --------
-------- ipufp_cache --------
-------- ufp_statistic --------
-------- dynobj_cache --------
-------- dns_rand_to_sid --------
-------- dns_sid_to_rand --------
-------- dns_response_misses --------
-------- snid_enc_keys --------
-------- resolve_hostbyname_cache --------
-------- resolve_hostbyaddr_cache --------
-------- voip_host_connections --------
-------- cac_codecs --------
-------- sip_state --------
-------- earlynat_sport --------
-------- sip_dynamic_port --------
-------- sip_cseq --------
-------- mgcp_conn --------
-------- mgcp_tid --------
-------- mgcp_registration --------
-------- mgcp_earlynat_tid --------
-------- mgcp_dynamic_port --------
-------- ssl_v3_conns --------
-------- ssh2_syn_table --------
-------- ssh2_client_seq --------
-------- p2p_sessions --------
-------- edonkey_clients --------
-------- p2p_packets --------
-------- pptp_state --------
-------- first_master --------
-------- mapped_if --------
-------- fwx_sticky_port --------
-------- allowed_ip_options --------
-------- allowed_ipopts_proto --------
-------- hide_behind_low_ports --------
-------- cluster_mcast_nolog --------
-------- hide_services_ports --------
-------- no_hide_services_ports --------
-------- no_fold_services_ports --------
-------- nokia_no_fold_ports --------
-------- no_misp_services_ports --------
-------- pop3d_clients --------
-------- epq_quarantined_host --------
-------- aspam_syn_cache --------
-------- tcp_services_props --------
-------- udp_services_props --------
-------- other_services_props --------
-------- adp_ca_brightstor_tab --------
-------- rc4_table --------
-------- Objhbbbjb --------
-------- ObjUOdnB --------
-------- ObjSRqhab --------
-------- ObjLALMqb --------
-------- ObjsFK9hb --------
-------- Obj4kPyz --------
-------- ObjO80qQb --------
-------- ObjolM2n --------
-------- mhis_tab --------
-------- Obja2fNE --------
-------- ObjQvSXqb --------
-------- ObjGiirDb --------
-------- http_hand_tab --------
-------- Objn_q2i --------
-------- Objo2Goeb --------
-------- ObjdSJuO --------
-------- ObjqYUGFb --------
-------- contnt_prot_state_table --------
-------- backweb_connections --------
-------- freetel_connections --------
-------- iiop_requests --------
-------- x11verify_tab --------
-------- wf_connections --------
-------- exchange_notifies --------
-------- rtsp_tab --------
-------- ncp_table --------
-------- e2e_gwbw_table --------
-------- vpn_range_gateways --------
-------- vpn_range_gateways_valid --------
-------- cvp_connections --------
-------- p2p_logged --------
-------- welchia_tab --------
-------- ssh_sessions --------
-------- gif_rerun_tbl --------
-------- aviwave_table --------
-------- png_tab --------
-------- emf_wmf_tab --------
-------- ObjIqngWb --------
-------- Obj1Pjdc --------
-------- ObjEcVuT --------
-------- ObjBYyIB --------
-------- mpe_pme_tab --------
-------- ObjipTMsb --------
-------- ObjAIP_g --------
-------- Obj1_j2Qb --------
-------- ObjsRmHN --------
-------- ObjgGBn_b --------
-------- Obj8YTItb --------
-------- office_rerun_tab --------
-------- block_office_ppt_start --------
-------- block_office_offset --------
-------- block_office_retrans --------
-------- ObjYpZWX --------
-------- ObjLRkIWb --------
-------- ObjiMhGQ --------
-------- ObjdZJgJb --------
-------- Obji4D8J --------
-------- ObjTBbSbb --------
-------- ObjFYJhJb --------
-------- ObjK3HfXb --------
-------- Obj3Izhfc --------
-------- ObjATGcAb --------
-------- snmp_pdu_types --------
-------- ObjPKm54b --------
-------- ObjpZHv1 --------
-------- ObjNPV8V --------
-------- Objmeh8Ub --------
-------- Obj0XzAN --------
-------- ObjXatVDb --------
-------- syslog_dates --------
-------- buf_table --------
-------- cram_table --------
-------- imap_log_tbl --------
-------- imap_except_tbl --------
-------- flac_table --------
-------- sami_tbl --------
-------- ObjajI9Rb --------
-------- ObjCGXEdb --------
-------- pct_opcode_tab --------
-------- pct_tab --------
-------- Obj1e5hC --------
-------- ObjRztz7 --------
-------- ObjaxeIAb --------
-------- ObjwNbxib --------
-------- word_plflfo_tbl --------
-------- word_sprm_tbl --------
-------- ObjkxWEfc --------
-------- Obj217K1 --------
-------- flash_tab --------
-------- ObjjoQvm --------
-------- ObjUZxDgc --------
-------- ObjlgJhcc --------
-------- ObjaLxvLb --------
-------- rtf_fmp_parse27_tab --------
-------- ssl_counter_tab --------
-------- dns_bruth_tab --------
-------- dns_bruth_tab_case --------
-------- dns_bruth_res_tab --------
-------- pdf_jbig_tbl --------
-------- ObjO5atzb --------
-------- ObjCy5LO --------
-------- ObjmbEnl --------
-------- ObjxZiyv --------
-------- Obj8sHTQb --------
-------- ObjCMpyg --------
-------- ObjMbgQeb --------
-------- ObjHh3It --------
-------- ObjsYf1n --------
-------- ldap_leak_tab --------
-------- ObjhPV7z --------
-------- ObjEkdpjc --------
-------- ObjH3V57 --------
-------- pe_parser_tbl --------
-------- Obj6a6Th --------
-------- ObjHkxoe --------
-------- Obj6yDZpb --------
-------- ObjRpdDu --------
-------- ObjiB_Z4b --------
-------- ms_proj_tab --------
-------- ObjyXqwA --------
-------- sdupdate_dynamic_tab_attrs --------
-------- vpn_active --------
-------- encryption_requests --------
-------- decryption_pending --------
-------- rdp_table --------
-------- rdp_dont_trap --------
-------- userc_encapsulating_clients --------
-------- MSPI_cluster_feedback --------
-------- MSPI_cluster_feedback_new --------
-------- L2TP_MSPI_cluster_feedback --------
-------- MSPI_cluster_update --------
-------- L2TP_MSPI_cluster_update --------
-------- MSPI_cluster_request --------
-------- MSPI_feedback_to_delete --------
-------- ATLAS_ROBO_Objects --------
-------- DAG_ID_to_IP --------
-------- DAG_IP_to_ID --------
-------- ipsec_crypt_pending --------
-------- inbound_SPI --------
-------- outbound_SPI --------
-------- resolving_requests --------
-------- MSPI_requests --------
-------- SPI_requests --------
-------- resolving_req_connections --------
-------- MSPI_req_connections --------
-------- user_auth_groups --------
-------- IKE_SA_table --------
-------- new_IKE_SA_update --------
-------- IPSEC_userc_dont_trap_table --------
-------- SEP_my_IKE_packet --------
-------- tcpt_external_ip --------
-------- L2TP_tunnels --------
-------- L2TP_sessions --------
-------- L2TP_lookup --------
-------- vpn_if_peer_mspi --------
-------- vpn_interfaces_table --------
-------- peer_vpn_if_mapping --------
-------- MSPI_by_methods --------
-------- MSPI_cluster_map --------
-------- resolved_interface --------
-------- MEP_chosen_gw --------
-------- crypt_resolver_db --------
-------- MEP_ls --------
-------- userc_resolve_dont_trap --------
-------- fwz_crypt_pending --------
-------- crypt_resolver_uptag --------
-------- cryptlog_table --------
-------- udp_enc_cln_table --------
-------- cluster_connections_nat --------
-------- IPSEC_mtu_icmp --------
-------- IPSEC_mtu_icmp_wait --------
-------- XPO_names --------
-------- communities_names --------
-------- peers_names --------
-------- local_vpn_routing --------
-------- VIN_SA_to_delete --------
-------- udp_response_nat --------
-------- marcipan_mapping --------
-------- marcipan_ippool_users --------
-------- marcipan_ippool_allocated --------
-------- reliable_trap --------
-------- peers_count --------
-------- IKE_peers --------
-------- ipalloc_tab --------
-------- persistent_tunnels --------
-------- dhcp_nat_params_tab --------
-------- my_daip_ip_to_id --------
-------- om_assigned_ips --------
-------- om_radius --------
-------- tnlmon_listener_list --------
-------- tnlmon_life_sign --------
-------- preferred_MEP_gw --------
-------- tnlmon_job_list --------
-------- udp_enc_route_refcount --------
-------- reload_policy_timer --------
-------- http_vpnd_cookies --------
-------- sslt_om_ip_params --------
-------- ssl_tunnel_id_to_mspi --------
-------- http_ics_pre_auth_cookies --------
-------- vpnd_ics_report_suid --------
-------- vpn_queues --------
-------- ike2esp --------
-------- peer2ike --------
-------- ike2peer --------
-------- initial_contact_pending --------
-------- user_properties --------
-------- rdp_state_repository --------
-------- ike_state_repository --------
-------- get_topology_state_repository --------
-------- ike_temp_DAG_IP_to_ID --------
-------- resolved_link --------
-------- orig_route_params --------
-------- cluster_active_robo --------
-------- edge_clusters --------
-------- outbound_spi_by_peer --------
-------- robo_active_link --------
-------- src_ip_by_peer --------
-------- natt_port --------
-------- frl_table --------
-------- sslt_disconnect_reasons --------
-------- vpn_best_route_cache --------
-------- TunnelTest_NAT --------
-------- slp_active_users --------
-------- dag_dhcp_requests --------
-------- net_quota_exclusion_table --------
-------- sr_enc_domain --------
-------- sr_enc_domain_valid --------
-------- vpn_enc_domain --------
-------- vpn_enc_domain_valid --------
-------- vpn_methods --------
-------- vpn_routing --------
-------- vpn_enable_routing --------
-------- vpn_enable_internet_routing --------
-------- static_interface_resolve --------
-------- daip_ranges --------
-------- Robo_ranges --------
-------- Robo_ids --------
-------- Robo_allowed_ranges --------
-------- Robo_clusters --------
-------- sdb_edge_clusters --------
-------- community_domain_4 --------
-------- community_excl_udp_4 --------
-------- om_protected_group --------
-------- gw_properties --------
-------- vpn_rulematch --------
-------- comm_conn_level --------
-------- ca_servers_addresses --------
-------- target_list10 --------
-------- rulenum_list13 --------
-------- rulenum_list14 --------
-------- rulenum_list15 --------
-------- fwportscn_vertical_exclude --------
-------- fw_allow_out_of_tcp_always --------
-------- spii_proto_tab --------
-------- DAG_range --------
-------- NAT_src_intvl_list --------
-------- NAT_dst_intvl_list --------
-------- NAT_src_any_list --------
-------- NAT_dst_any_list --------
-------- NAT_rules --------
-------- full_service_list11 --------
-------- full_service_list12 --------
-------- ip_list1 --------
-------- ip_list2 --------
-------- ip_list3 --------
-------- ip_list4 --------
-------- ip_list5 --------
-------- ip_list6 --------
-------- ip_list7 --------
-------- ip_list8 --------
-------- ip_list9 --------
-------- dir_scan_addrs_list1 --------
-------- valid_addrs_list1 --------
-------- dir_scan_addrs_list2 --------
-------- valid_addrs_list2 --------
-------- gw2gw_communities_ids --------
-------- tcpt_gws --------
-------- svm_profiler --------
-------- svm_range_gateways --------
-------- svm_range_gateways_valid --------
-------- svm_e2e_gwbw_table --------
-------- vpncl_om2cookier --------
-------- vpncl_cookier2om --------
-------- vpncl_ccc_iphone_sessions --------
-------- vpncl_ccc_sessions --------
-------- vpncl_cpras_topology_policy_id --------
-------- sockstress_blocked --------
-------- sockstress_suspicious --------
-------- sockstress_local --------
-------- sockstress_src --------
-------- sam_L2_requests --------
-------- sam_blocked_ips_v2 --------
-------- sam_requests_v2 --------
-------- sam_uid --------
-------- sam_L2_src_dst_requests --------
-------- mrt_sync_table --------
-------- closed_conns --------
-------- fwarp_arpq_tbl --------
-------- fwneighq_tbl --------
-------- strmap_table --------
-------- fwha_VPN_hash_table --------
-------- cpas_cookie_hash --------
-------- cpas_pmtu --------
-------- h323_registration --------
-------- rules_uid_new_table --------
-------- uid2kbuf --------
-------- tab_name_table --------
-------- sip_registration --------
-------- fwx_cache --------
-------- redirected_conns --------
-------- h323_gk_pending_table --------
-------- cphwd_vpndb --------
-------- host_ip_addrs_all --------
-------- excessive_table --------
-------- scv_held_packets_table --------
-------- conn_info --------
-------- chain_log_unification_table --------
-------- fwx_pending --------
-------- scv_ps_table --------
-------- scv_gw_table --------
-------- string_dictionary_table --------
-------- sam_log --------
-------- sam_requests --------
-------- sam_blocked_ips --------
-------- spii_global_pset2kbuf_map --------
-------- spii_multi_pset2kbuf_map --------
-------- ws_protection_scheme_table --------
-------- saved_kbuf_table --------
-------- son_conns --------
-------- parent_conn --------
-------- connections --------
-------- fwx_cntl_dyn_tab --------
-------- h323_tracer_table --------
-------- fwx_auth --------
-------- host_ip_addrs --------
-------- hold_table --------
-------- frag_table --------
-------- arp_table --------
-------- fwx_alloc --------

Now round up of some useful for whatever reason tables you should know about. NOTE - When service is not loaded corresponding table isnt as well
fw tab -t http_av_scan_exclusion

localhost:
 Table http_av_scan_exclusion not loaded: Invalid argument

Most of the time values in these tables are presented as integer or hex values , and almost always they contain IP addresses. Adding -f option to the command deciphers output a bit but not completely , so IP integer-to-decimal converter will be very handy.

To see local encryption domain of this gateway without entering SmartDashboard: fw tab -f -t vpn_enc_domain

Using cptfmt
localhost:
Date: Apr 7, 2010
 8:26:33        192.168.29.25>     : (+)====================================(+); Table_Name: vpn_enc_domain; : (+); Attributes: static, id 381; product: VPN-1 & FireWall-1;  

8:26:33        192.168.29.25>    : (+); First: 10.20.201.1; ,Last: 10.20.201.3; product: VPN-1 & FireWall-1;
8:26:33        192.168.29.25>    : (+); First: 172.18.1.0; ,Last: 172.18.1.255; product: VPN-1 & FireWall-1;
8:26:33        192.168.29.25>    : (+); First: 192.168.20.251; ,Last: 192.168.20.253; product: VPN-1 & FireWall-1;  
;8:26:33        192.168.29.25>    : (+); First: 192.168.21.0; ,Last: 192.168.21.255; product: VPN-1 & FireWall-1;
8:26:33        192.168.29.25>    : (+); First: 192.168.22.11; ,Last: 192.168.22.12; product: VPN-1 & FireWall-1;

Another command that gives the local encryption domain, on few firewalls I tried the output was the same , so Don’t know what the difference fw tab -f -t vpn_enc_domain_valid

Using cptfmt
localhost:
Date: Apr 7, 2010
 8:52:30        192.168.29.25>     : (+)====================================(+); Table_Name: sr_enc_domain_valid; : (+); Attributes: static, id 380; product: VPN-1 & FireWall-1;  
8:52:30        192.168.29.25>    : (+); First: 10.20.201.1; ,Last: 10.20.201.3; product: VPN-1 & FireWall-1;  
8:52:30        192.168.29.25>    : (+); First: 172.18.1.0; ,Last: 172.18.1.255; product: VPN-1 & FireWall-1;
 8:52:30        192.168.29.25>    : (+); First: 192.168.20.251; ,Last: 192.168.20.253; product: VPN-1 & FireWall-1;  
8:52:30        192.168.29.25>    : (+); First: 192.168.21.0; ,Last: 192.168.21.255; product: VPN-1 & FireWall-1;  
8:52:30        192.168.29.25>    : (+); First: 192.168.22.11; ,Last: 192.168.22.12; product: VPN-1 & FireWall-1;

See encryption domain for Secure Remote users:
fw tab -f -t sr_enc_domain_valid

Using cptfmt
localhost:
Date: Apr 7, 2010
 8:52:30        192.168.29.25>     : (+)====================================(+); Table_Name: sr_enc_domain_valid; : (+); Attributes: static, id 380; product: VPN-1 & FireWall-1;

 8:52:30        192.168.29.25>    : (+); First: 10.20.201.1; ,Last: 10.20.201.3; product: VPN-1 & FireWall-1;
 8:52:30        192.168.29.25>    : (+); First: 172.18.1.0; ,Last: 172.18.1.255; product: VPN-1 & FireWall-1;
 8:52:30        192.168.29.25>    : (+); First: 192.168.20.251; ,Last: 192.168.20.253; product: VPN-1 & FireWall-1;
 8:52:30        192.168.29.25>    : (+); First: 192.168.21.0; ,Last: 192.168.21.255; product: VPN-1 & FireWall-1;
 8:52:30        192.168.29.25>    : (+); First: 192.168.22.11; ,Last: 192.168.22.12; product: VPN-1 & FireWall-1;

To see SPI database entries of established VPN tunnels and its parameters:
#fw tab -f -t inbound_SPI

Using cptfmt
localhost:
Date: Apr 7, 2010
 8:34:56        192.168.29.25>     : (+)====================================(+); Table_Name: inbound_SPI; : (+); Attributes: dynamic, id 289, attributes: keep, sync, expires 3600, limit 40800, hashsize 65536, kbuf 1 3, free function f9b32640 0, post sync handler f9b22330; product: VPN-1 & FireWall-1;

 8:34:56        192.168.29.25>    : (+); SPI: d21c5e68; CPTFMT_sep: ;; Protocol: IPSEC_ESP_SA(2); ,Schema: IKE(3); ,me: 192.168.22.11; ,peer: 122.18.9.20; ,owner: 127.0.0.1; ,MyRange:First: 192.168.21.0; Last: 192.168.21.255; ,PeerRange:First: 192.168.214.0; PeerLast: 192.168.214.255; ,HWInitialized: NO; ,MSPI: 13; ,Host: 192.168.22.11; ,Peer: 122.18.9.20; Expires: 2149/3610; product: VPN-1 & FireWall-1;

To see the active VPN peers with IKE phase up fw tab -f -t IKE_peers

Date: Apr 7, 2010
 8:36:36        192.168.29.25>     : (+)====================================(+); Table_Name: IKE_peers; : (+); Attributes: dynamic, id 333, attributes: keep, sync, expires  never, limit 25000, hashsize 512; product: VPN-1 & FireWall-1;

 8:36:36        192.168.29.25>    IkePeer: 212.13.12.128; : (+); Expires: 876861451/2147483647; product: VPN-1 & FireWall-1;
 8:36:36        192.168.29.25>    IkePeer: 212.13.12.129; : (+); Expires: 876861451/2147483647; product: VPN-1 & FireWall-1;

Here you can see what port is used for NAT traversal:
fw tab -f -t natt_port

Date: Apr 7, 2010
 8:37:34        192.168.29.25>     : (+)====================================(+); Table_Name: natt_port; : (+); Attributes: dynamic, id 369, attributes: expires  never, limit 25000, hashsize 4; product: VPN-1 & FireWall-1;

 8:37:34        192.168.29.25>    Key: 00001194; Expires: 876861393/2147483647; product: VPN-1 & FireWall-1;
 **The value is in hex 0x1194 = 4500 **

List table of Security Associations fw tab -f -t IKE_SA_table

Date: Apr 7, 2010
 8:41:47        192.168.29.25>     : (+)====================================(+); Table_Name: IKE_SA_table; : (+); Attributes: dynamic, id 297, attributes: keep, sync, expires 3600, limit 40400, hashsize 65536, implies 296, kbuf 1, free function f9b22830 0, post sync handler f9b25d80; product: VPN-1 & FireWall-1;

 8:41:47        192.168.29.25>    : (+); ,CookieI: 1a4406adfa1e1b26; ,CookieR: a64bea22245f2ac2; CPTFMT_sep: ;; EncryptAlg: 0; ,HashAlg: 0; ,DH_Group: 0; ,AuthMethod: 1; ,Flags: 0; ,RenegotiationTime: 2046191617; Expires: 20089/86399; product: VPN-1 & FireWall-1;

Pretty much the same data , number of peers

fw tab -f -t peers_count

Date: Apr 7, 2010
 8:46:48        192.168.29.25>     : (+)====================================(+); Table_Name: peers_count; : (+); Attributes: dynamic, id 332, attributes: keep, expires  never, limit 10200, hashsize 16384, kbuf 1; product: VPN-1 & FireWall-1;
 8:46:48        192.168.29.25>    : (+); IPsec peer: 31.112.182.6; CPTFMT_sep: ;; ,Ref-count: 2; Expires: 876860840/2147483647; product: VPN-1 & FireWall-1;
 8:46:48        192.168.29.25>    : (+); IPsec peer: 122.18.9.20; CPTFMT_sep: ;; ,Ref-count: 1; Expires: 876860840/2147483647; product: VPN-1 & FireWall-1;

List of hosts with which this firewall has currently open sessions (whatever they may be ):
fw tab -f -t static_interface_resolve

Date: Apr 7, 2010
 8:55:59        192.168.29.25>     : (+)====================================(+); Table_Name: static_interface_resolve; : (+); Attributes: static, id 387; product: VPN-1 & FireWall-1;

 8:55:59        192.168.29.25>    : (+); Peer_interface: 10.20.20.1; ,Peer_main_addr: 21.23.9.2; product: VPN-1 & FireWall-1;
 8:55:59        192.168.29.25>    : (+); Peer_interface: 58.13.2.78; Peer_resolved_addr: 58.13.2.78; ,Peer_main_addr: 58.13.2.78; product: VPN-1 & FireWall-1;

To list NAT rules numbers as appear in the SmartDashboard that have Any as destination and as source correspondingly:
#fw tab -f -t NAT_dst_any_list

Date: Apr 7, 2010
 9:01:13        192.168.29.25>     : (+)====================================(+); Table_Name: NAT_dst_any_list; : (+); Attributes: static, id 434; product: VPN-1 & FireWall-1;

 9:01:13        192.168.29.25>    Key: 0000000a, 0000000a; product: VPN-1 & FireWall-1; //Rule number 10
 9:01:13        192.168.29.25>    Key: 0000000c, 0000000c; product: VPN-1 & FireWall-1;  //Rule number 12
 9:01:13        192.168.29.25>    Key: 0000000e, 0000000e; product: VPN-1 & FireWall-1;

#fw tab -f -t NAT_src_any_list

Date: Apr 7, 2010
 9:00:31        192.168.29.25>     : (+)====================================(+); Table_Name: NAT_src_any_list; : (+); Attributes: static, id 433; product: VPN-1 & FireWall-1;

 9:00:31        192.168.29.25>    Key: 00000006, 00000006; product: VPN-1 & FireWall-1;  // Rule number 6
  9:00:31        192.168.29.25>    Key: 00000007, 00000007; product: VPN-1 & FireWall-1; // Rule number 7

List all NAT rules .
Here all IP addresses are in hexadecimal representation . To translate it to usual decimal one I translate (say using calc.exe) Hex -> Integer , then using some Internet converter , Integer -> decimal . In () are my comments fw tab -f -t NAT_rules

Date: Apr 7, 2010
 9:02:19        192.168.29.25>     : (+)====================================(+); Table_Name: NAT_rules; : (+); Attributes: static, id 435; product: VPN-1 & FireWall-1;

 9:02:19        192.168.29.25>    Key: 00000001(Rule number); CPTFMT_sep: ;; Data: 00000000, 00000000, ff000001 (255.0.0.1) , BD8AFF3C (189.138.255.60 Original Src in Nat rule), BD8AFF3C, c0a8d1fd (192.168.209.253 Translated source IP), ff010202 (255.1.2.2), C0A81596 (192.168.21.150 Original packet destination) , C0A81596, C0A81596, 00000000, 00000000, 00000000, 00000000; product: VPN-1 & FireWall-1;

List open connection to/from the firewall:
#fw tab -f -t connections

Date: Apr 7, 2010
10:22:43        80.19.1.150>     : (+)====================================(+); Table_Name: connections; : (+); Attributes: dynamic, id 8158, attributes: keep, sync, aggressive aging, kbuf 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31, expires 60, refresh, limit 75000, hashsize 262144, free function f9faf4e0 0, post sync handler f9fa3470; product: VPN-1 & FireWall-1;

10:22:43        80.19.1.150>    : -----------------------------------(+); Direction: 1; Source: 172.17.110.111; SPort: 1517; Dest: 210.48.77.30; DPort: 443; Protocol: tcp; CPTFMT_sep_1: ->; Direction_1: 0; Source_1: 172.17.110.111; SPort_1: 1517; Dest_1: 210.48.77.30; DPort_1: 443; Protocol_1: tcp; FW_symval: 2; product: VPN-1 & FireWall-1;

Something that has to do with IPS I guess:
fw tab -f -t string_dictionary_table

Date: Apr 7, 2010
10:23:52        80.19.1.150>     : (+)====================================(+); Table_Name: string_dictionary_table; : (+); Attributes: dynamic, id 8135, attributes: keep level 2, kbuf 1, expires  never, limit 32768, hashsize 4096; product: VPN-1 & FireWall-1;
10:23:52        80.19.1.150>    Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: dc17462d0fdcfdfd42c80679dbd63b4; ID: 3672; Data: Microsoft Windows search-ms protocol handler command execution (MS08-075); Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: e36d6da340f3ce9df3d02fd991b07765; ID: 822; Data: Command '%s'  is out of expected state '%s'; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: c377d9acdbb7a8a3cd182b514df494d; ID: 657; Data: smtp_block_bin_enable; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: 34bd42a272028c23476653dfcbac806d; ID: 648; Data: Out of bounds - an offset was given that references outside the packet; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: b8d505cb64b542f15dcea55a93802fb; ID: 2681; Data: Cisco IOS IPv4 Packets Denial of Service; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: 30f7c4e2db021c4977c2a92b48bb97ed; ID: 2241; Data: Invalid SIT field in SA payload header; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: 29aa7499fca2d0cdc9f9d954c9a7b7d2; ID: 979; Data: Virtual defragmentation error: Memory failure; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    Hash: de1c15759f50957189b1ba346bfc07fa; ID: 655; Data: Security violation; Expires: 876858615/2147483647; product: VPN-1 & FireWall-1;
 10:23:52        80.19.1.150>    More_Entries: 7782; product: VPN-1 & FireWall-1;

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.