INSPECT is a programming language for Check Point's Stateful Inspection engine in FireWall-1. When you install the security policy you built in the Policy Editor, your rulebase is converted to an INSPECT script. Most people never need to look at INSPECT code, but if you need FireWall-1 to support more than just simple services (a simple service being, e.g., one where only one connection is opened from the client to the server), you will need to use INSPECT. You may not have to write a full INSPECT script, but you may have to use snippets of INSPECT to accomplish your goals.

The primary purpose of INSPECT is to analyze a packet from the network layer up through the application layer and make decisions based on what is found. Although INSPECT is a very powerful language, it has only a few basic functions:

  • Makes comparisons based on any part of a packet

  • Adds, modifies, or deletes entries from state tables

  • Accepts, rejects, drops, or vanishes a packet

  • Calls functions (such as log)
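
The following Python model is an added example, not code from the original text and not INSPECT syntax. It shows how packet comparisons, state-table updates, accept/drop verdicts, and a log call combine to support a service that is not "simple". The service, its control port 2100, and its `DATA <port>` message are assumptions made up for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst sport dport payload")
CONTROL_PORT = 2100  # assumed port of the hypothetical service

class Engine:
    """Python model of the capabilities listed above; not INSPECT syntax."""
    def __init__(self):
        self.connections = set()  # state table: accepted flows
        self.pending = set()      # state table: announced secondary connections
        self.log_entries = []

    def log(self, verdict, pkt, reason):
        # Stand-in for calling a function such as log.
        self.log_entries.append((verdict, pkt.src, pkt.dst, pkt.dport, reason))

    def inspect(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Comparison: does the packet belong to a flow already in the table?
        if flow in self.connections or reply in self.connections:
            self._watch_control(pkt)
            return "accept"
        # Comparison: is this the secondary connection a control channel announced?
        expected = (pkt.src, pkt.dst, pkt.dport)
        if expected in self.pending:
            self.pending.discard(expected)  # delete entry: valid for one connection
            self.connections.add(flow)      # add entry: track the new flow
            self.log("accept", pkt, "announced secondary connection")
            return "accept"
        # Rulebase stand-in: only new connections to the control port are allowed.
        if pkt.dport == CONTROL_PORT:
            self.connections.add(flow)
            self._watch_control(pkt)
            self.log("accept", pkt, "control connection")
            return "accept"
        self.log("drop", pkt, "no rule or state-table match")
        return "drop"

    def _watch_control(self, pkt):
        # Application-layer comparison: "DATA <port>" asks the server to connect back.
        if pkt.dport != CONTROL_PORT or not pkt.payload.startswith("DATA "):
            return
        port = pkt.payload[5:].strip()
        # Ignore malformed or privileged ports so the announcement cannot be
        # used to open arbitrary holes toward the client.
        if len(port) <= 5 and port.isdecimal() and 1024 <= int(port) <= 65535:
            self.pending.add((pkt.dst, pkt.src, int(port)))
```

Without the `pending` table, the server-to-client connection would match no rule and be dropped, which is why services that open more than one connection need state handling beyond a plain rulebase entry.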