INSPECT is a feature in Check Point FireWall-1 that is poorly documented but can be very useful if people become familiar with it. Certain people within Check Point claim INSPECT is poorly documented because the language itself has not stabilized. I've also heard from various sources that the next version of FireWall-1 will have better INSPECT documentation. However, none of these facts have changed in quite some time. In fact, almost all information about the INSPECT language has been removed from the FireWall-1 documentation.
This chapter offers a brief introduction to how INSPECT works. The information should be useful to those who are looking for a more detailed understanding of how FireWall-1 works and to those who want to permit more-advanced services through FireWall-1. This chapter is not meant to cover the INSPECT language comprehensively. However, several examples of INSPECT code are included.
By the end of this chapter, you should be able to:
Understand what INSPECT is
Determine what you can and cannot do with INSPECT
Understand how FireWall-1 converts your rulebase into INSPECT
Write your own INSPECT code