| Checkpoint
Firewalls Troubleshooting Command Line |
| Check Point Environment
variables (most common ones) |
| $FWDIR FW-1 ---installation
directory, with f.i. the conf, log, lib, bin and spool directories. You will
mostly |
| work in this tree. |
| $CPDIR ---SVN Foundation /
cpshared tree. |
| $CPMDIR ---Management server
installation directory. |
| $FGDIR ---FloodGate-1
installation directory. |
| $MDSDIR ---MDS installation
directory. Same as $FWDIR on MDS level. |
| $FW_BOOT_DIR ---Directory with
files needed at boot time. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Basic starting and stopping |
| cpstop ---Stop all Check Point
services except cprid. You can also stop specific services by issuing an |
| option with cpstop. |
| cpstart ---Start all Check
Point services except cprid. cpstart works with the same options as cpstop. |
| cprestart ---Combined cpstop
and cpstart. Complete restart. |
| cpridstop ---Stop cprid, the
Check Point Remote installation Daemon. |
| cpridstart ---Start cprid, the
Check Point Remote installation Daemon. |
| cpridrestart ---Combined
cpridstop and cpridstart. |
| fw kill [-t sig] proc_name
---Kill a Firewall process. PID file in $FWDIR/tmp/ must be present. Per
default sends |
| signal 15 (SIGTERM). |
| Example: fw kill -t 9 fwm |
| fw unloadlocal ---Uninstall
local security policy and disables forwarding. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| View and manage logfiles |
| fw lslogs ---View a list of
available fw logfiles and their size. |
| fwm logexport
---Export/display current fw.log to stdout. |
| fw logswitch [-audit] ---Write
the current (audit) logfile to YY-MM-DDHHMMSS. log and start a |
| new fw.log. |
| fw log -c <action>
---Show only records with action <action>, e.g. accept, drop, reject
etc. Starts |
| from the top of the log, use
-t to start a tail at the end. |
| fw log -f -t ---Tail the
actual log file from the end of the log. Without the -t switch it starts |
| from the beginning. |
| fw log -b <starttime>
<endtime> ---View today's log entries between <starttime> and
<endtime>. |
| Example: |
| fw log -b 09:00:00 09:15:00. |
| fw fetchlogs -f <file>
module ---Fetch a logfile from a remote CP module. NOTICE: The log will be |
| moved, hence deleted from the
remote module. Does not work with current fw.log. |
| fwm logexport -i in.log -o
out.csv -d ',' -p -n ---Export logfile in.log to file out.csv, use , (comma)
as delimiter |
| (CSV) and do not resolve
services or hostnames. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Display and manage licenses |
| cp_conf lic get ---View
licenses. |
| cplic print ---Display more
detailed license information. |
| fw lichosts ---List protected
hosts with limited hosts licenses. dtps lic SecureClient Policy Server
license |
| summary. |
| cplic del <sig>
<obj> ---Delete CP license with signature sig from object obj. |
| cplic get <ip host|-all>
---Retrieve all licenses from a certain gateway or all gateways in order to
synchronize |
| license repository on the
SmartCenter server with the gateway(s). |
| cplic put <-l file>
---Install local license from file to an local machine. |
| cplic put <obj> <-l
file> ---Attach one or more central or local licenses from file remotely
to obj. |
| cprlic ---Remote license
management tool. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ClusterXL |
| ATRG -- sk93306 |
| cp_conf ha enable|disable
[norestart] ---Enable or disable HA. |
| cphastop ---Disable ClusterXL
on the cluster member. Issued on a cluster member running in HA |
| Legacy Mode cphastop might
stop the entire cluster. |
| cphastart ---Activate
ClusterXL on this cluster member. |
| fw hastat ---View HA state of
local machine. |
| cphaprob state ---View HA
state of all cluster members. |
| cphaprob -a if ---View
interface status. |
| cphaprob -ia list ---View list
and state of critical cluster devices. |
| cphaprob syncstat ---View sync
transport layer statistics. Reset with -reset. |
| cphaconf set_ccp
<broadcast|multicast> ---Configure Cluster Control Protocol (CCP) to
use unicast or multicast |
| messages. By default set to
multicast. Setting survives reboot. |
| clusterXL_admin
<up|down> ---Perform a graceful manual failover by registering a
faildevice. |
| Note: DO NOT run any cphaconf
commands other than set_ccp |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SecureXL |
| ATRG --sk98722 |
| fwaccel on |
| fwaccel off ---"-q"
flag suppresses the output |
| fwaccel ver |
| fwaccel stat |
| fwaccel stats -s Prints the
acceleration statistics for Network Access Control (NAC) |
| fwaccel stats -d Prints the
acceleration statistics for dropped packets |
| fwaccel stats -n |
| fwaccel stats -p Prints the
acceleration statistics for SecureXL violations (F2F packets) |
| fwaccel stats -l Prints all
acceleration statistics in Legacy mode (output is not divided into sections) |
| file:///C|/Users/kwinfiel/Desktop/CCSE%20ADV%20TS/CLI%20Command%20line%20cheat%20sheet.txt[5/11/2015
9:26:32 AM] |
| fwaccel stats -m Prints the
acceleration statistics for multicast traffic |
| fwaccel stats -r Resets all
acceleration statistics |
| fwaccel conns Prints the
SecureXL Connections Table ('cphwd_db') |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| CoreXL |
| ATRG: CoreXL --sk98737 |
| fw ctl multik --Controls
CoreXL FW instances |
| fw ctl multik ---Prints the
general help message with available parameters |
| fw ctl multik stat ---Prints
the summary table for CPU cores and CoreXL FW instances |
| fw ctl multik start ---Starts
CoreXL |
| fw -i Instance_ID ctl multik
start ----Starts specific CoreXL FW instance |
| fw ctl multik stop ---Stops
CoreXL |
| fw -i Instance_ID ctl multik
stop ---Stops specific CoreXL FW instance |
| fw ctl affinity
<options> ---Controls CoreXL affinities of interfaces / processes /
CoreXL FW instances to CPU core |
| fw ctl affinity ---Prints the
help message with available options |
| fw -d ctl affinity -corelicnum
---Prints the number of system CPU cores allowed by CoreXL license |
| fw ctl affinity -l ---Prints
the current CoreXL affinities - output shows affinities of
interfaces/processes/CoreXL FW |
| instances to CPU cores |
| fw ctl affinity -l -r
---Prints the current CoreXL affinities in reverse order - output shows CPU
cores and which |
| interface/process/CoreXL FW
instance is affined to each CPU core |
| fw ctl affinity -l -a
---Prints all current CoreXL affinities - output shows affinities of
interfaces/processes/CoreXL |
| FW instances to CPU cores, and
also shows targets without specific affinity |
| fw ctl affinity -l -v
---Prints the current CoreXL affinities - verbose output shows affinities of |
| interfaces/processes/CoreXL FW
instances to CPU cores (targets are shown as 'Interface' (with IRQ),
'Kernel', 'Process' |
| fw ctl affinity -l -q
---Prints the current CoreXL affinities - output shows affinities of
interfaces/processes/CoreXL |
| FW instances to CPU cores, and
suppresses errors |
| fw ctl affinity -l -r -a -v
---Prints the current CoreXL affinities - verbose output that combines all
possible outputs |
| (shows all targets in reverse
order) fw ctl affinity -l -p PID [-r] [-a] [-v] Prints the current CoreXL
affinity of the |
| specified process (by PID) to
CPU cores |
| fw ctl affinity -l -n
Daemon_Name [-r] [-a] [-v] ---Prints the current CoreXL affinity of the
specified process (by |
| name [maximal length = 255
characters]) to CPU cores |
| fw ctl affinity -l -k
Instance_ID [-r] [-a] [-v] ---Prints the current CoreXL affinity of the
specified CoreXL FW |
| instance to CPU cores |
| fw ctl affinity -l -i
Interface_Name [-r] [-a] [-v] ---Prints the current CoreXL affinity of the
specified interface to cpu cores |
| fw ctl affinity -s
<target> { CPU_ID [ CPU_ID ... ] | all } ---Sets CoreXL Affinity |
| fw ctl affinity -s -p PID {
CPU_ID [ CPU_ID ... ] | all } ---Sets CoreXL affinity of the specified
process (by PID) |
| to CPU cores |
| fw ctl affinity -s -n
Daemon_Name { CPU_ID [ CPU_ID ... ] | all } ---Sets CoreXL affinity of the
specified |
| process (by name [maximal
length = 255 characters]) to CPU cores |
| fw ctl affinity -s -k
Instance_ID { CPU_ID [ CPU_ID ... ] | all } ---Sets CoreXL affinity of the
specified CoreXL |
| FW instance to CPU cores |
| fw ctl affinity -s -i
Interface_Name { CPU_ID [ CPU_ID ... ] | all } ---Sets CoreXL affinity of the
specified interface |
| to CPU cores |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Traffic Gathering /monitoring |
| TCPdump |
| ATRG -sk40072 |
| tcpdump -i <int name>
host <ip> -w filename |
| tcpdump -i <int name>
tcp port <port number> |
| tcpdump -i <int name>
udp port <port number> |
| tcpdump -i <int name>
proto ospf |
| FW Monitor |
| ATRG - 41045 |
| Functionality |
| There are four inspection
points when a packet passes through a Security Gateway: |
| Pre-Inbound - marked as 'i' |
| Post-Inbound - marked as 'I' |
| Pre-Outbound - marked as 'o' |
| Post-Outbound - marked as 'O' |
| |
| Note: |
| The direction
(inbound/outbound) relates to each specific packet, and not to the
connection. |
| fw monitor -e 'accept
src=x.x.x.x or dst=v.v.v.v;' -o filename.cap |
| fw monitor -e
"accept;" -o /var/log/fw_mon.cap |
| fw monitor -e
"((src=x.x.x.x , dst=y.y.y.y) or (src=y.y.y.y , dst=x.x.x.x)),
accept;" -o /var/log/fw_mon.cap |
| fw monitor Examples: |
| # packets with IP 192.168.1.12
as SRC or DST |
| fw monitor -e 'accept
host(192.168.1.12);' |
| # all packets from
192.168.1.12 to 192.168.3.3 |
| fw monitor -e 'accept
src=192.168.1.12 and dst=192.168.3.3;' |
| # UDP port 53 (DNS) packets,
pre-in position is before 'ippot_strip' |
| fw monitor -pi ipopt_strip -e
'accept udpport(53);' |
| # UPD traffic from or to
unprivileged ports, only show post-out |
| fw monitor -m O -e 'accept udp
and (sport>1023 or dport>1023);' |
| # Windows traceroute (ICMP,
TTL<30) from and to 192.168.1.12 |
| fw monitor -e 'accept
host(192.168.1.12) and tracert;' |
| # Capture web traffic for VSX
virtual system ID 23 |
| fw monitor -v 23 -e 'accept
tcpport(80);' |
| # Capture traffic on a
SecuRemote/SecureClient client into a file. |
| # srfw.exe in $SRDIR/bin
(C:\Program Files\CheckPoint\SecuRemote\bin) |
| srfw monitor -o
output_file.cap |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Kernel debug 'fw ctl debug' |
| Usage: |
| fw ctl debug -h ---Default
(clear) all current kernel debugging options: |
| fw ctl debug 0 ---Disable all
kernel debugging options (de-allocates the buffer automatically kills
"fw ctl debug" |
| process): |
| fw ctl debug -x ---Allocate
the debugging buffer (to catch debug messages): |
| fw ctl debug -buf 32000
---Enable desired debug flags (in addition to the default flags): |
| fw ctl debug -m MODULE_NAME +
FLAG1 FLAG2 FLAG3 ---Enable only the specified debug flags (all other |
| flags will be overwritten): |
| fw ctl debug -m MODULE_NAME -
FLAG6 FLAG7 ---Disable undesired debug flags: |
| fw ctl debug ---Display all
kernel modules and their flags that Security Gateway "understands": |
| fw ctl debug -m ---Display the
flags for specific module that were turned on: |
| fw ctl debug -m MODULE_NAME
---Print the timestamp in debug output (t = seconds ; T = microseconds): |
| fw ctl kdebug -t or fw ctl
kdebug -T |
| fw ctl kdebug -T -f >
/var/log/debug.txt ---Save the debug messages from debugging buffer into a
file: |
| To stop the debug - press
CTRL+C |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Zdebug drop |
| Fw ctl Zdebug drop >
filename.out |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 61000/41000 CLI commands |
| Information |
| asg stat [-v] ---Blade and
policy status for all chassis |
| asg monitor ---Monitor blade
and policy status |
| asg resource [-v] ---SGM
resource use |
| asg if ---Chassis interface
information |
| asg_route ---Routing tables
for all SGMs |
| asg perf [-v -a -p -k]
---Continously monitor performance |
| asg conns [-b <blade>]
---Show connections per blade |
| asg config show ---Show gclish
configuration for all blades |
| asg cores_stat ---CoreXL
information for all blades |
| asg_info -w ---Asg Info
Diagnostic File |
| asg_auditlog ---Chassis audit
log |
| asg_blade_config
is_in_security_group ---Check if SMG is in security group |
| asg_blade_config get_smo_ip
---Get SMO ip address |
| asg dxl stat ---Blade
Distribution Stats |
| asg dxl dist_mode verify [-v]
---Blade Distribution Mode |
| g_all mpstat ---CPU use for
all blades |
| asg if -p ---Interface
Performance Information |
| Navigation |
| blade 1_02 ---to change to
chassis 1 blade 2 |
| Security Switch Module (SSM) |
| asg_chassis_ctrl start_ssm
<SSM> ---Start SSM |
| asg_chassis_ctrl shutdown_ssm
<SSM> ---Stop SSM |
| asg_chassis_ctrl restart_ssm
<SSM> ---Restart SSM |
| asg_chassis_ctrl active_ssm
---Get active SSMs |
| asg_chassis_ctrl
get_ssm_firmware <SSM> ---SSM Firmware version |
| asg_chassis_ctrl get_ssm_type
<SSM> ---SSM Hardware version |
| asg_chassis_ctrl get_bmac
<SSM> ---MAC Addresses on SSM |
| show chassis id 1 module
<SSM1|SSM2> ip ---Show SSM's CIN Address |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Configuration and Policy |
| asg_ntp_sync_config
---Configure NTP on all blades |
| asg security_group
---Configure SGM security group |
| asg_blade_config pull_config
all <bladeIP> ---Pull config from another blade |
| asg_blade_config fetch_smc
---Fetch policy for all blades from smc |
| asg_policy fetch ---Fetch the
policy for all SGMs |
| asg_policy unload ---Unload
policy for all SGMs |
| asg policy verify ---View
installed policy for each SGM |
| g_all <command>
---Return command from all blades |
| gexec -a -c <Command>
---Execute command on blades |
| asg_cp2blades <SrcFile>
[<DstFile>] ---Copy file to all blades |
| asg alert Configure ---Chassis
Alerts (SNMP/SMS) |
| asg_sync_manager ---Chassis
Syncronization Wizard |
| fwaccel <on|off|stat>
---SecureXL control |
| g_update_conf_file fwkern.conf
<Kernel Parameter> ---Set kernel parameter for all blades |
| View available kernel
parameters by ruinning modinfo against the kernel file |
| modinfo
$FWDIR/boot/modules/fwmod.2.6.18.cp.i686.o |
| Chassis |
| asg_sgm_serial ---SGM Serial
Numbers |
| asg_serial_info ---CMM,SSM and
Chassis Serial Numbers |
| asg diag verify ---Chassis
diagnostic and results |
| asg_version ---Version
information for all blades |
| asg stat -i tasks ---Used to
identify the SMO blade |
| asg chassis_admin -c
<chassis> [down|up] ---Administratively down/up a chassis |
| asg sgm_admin -b <blade>
<up|down> ---Administratively down/up a blade |
| asg_reboot -b <Blade>
---Reboot blade(s) or Chassis |
| asg_reboot -b chassis1 |
| asg_reboot -b 1_01 |
| asg_reboot -b 1_01,1_03 |
| asg_chassis_ctrl
get_psu_status ---Chassis PUS status |
| asg_chassis_ctrl get_cpus_temp
<Blade> ---SGM CPU Temeperature |
| asg_chassis_ctrl
get_power_type ---Returns AC/DC |
| asg hw_monitor ---Chassis
Hardware Stats |
| set chassis high-availability
primary-chassis <0-2> ---Set chassis priority |
| set chassis high-availability
factors <x> ---Change chassis component score(s) |
| See cli guide for additional
syntax |
| Chassis Control Module (CMM) |
| asg_chassis_ctrl restart_cmm
<CMM#> Restart CMM |
| asg_chassis_ctrl
get_cmm_status Get CMM status and firmware version |
| Active CMM CIN address
198.51.100.33 |
| Standby CMM CIN address
198.51.100.233 |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| GCLISH Commands |
| gclish ---enter global clish
shell |
| show configuration ---List
gclish text configuration |
| set bonding group <ID>
lacp_rate slow ---Configure bonding rate |
| verify bonding rate by
running: cat /proc/net/bonding/bond<ID> |
| asg_config save -t
<File> ---Save Gclish config to a text file |
| save config ---Save Gclish
configuration |
| Packet Captures and
Troubleshooting |
| tcpdump -mcap -w
<outfile> -nnei <IF> ---Packet capture from all blades |
| asg search ---Search blades
for specific connection |
| g_fw ctl zdebug drop
---Dropped packet debug across all blades |
| g_fw ctl zdebug -m cluster +
correction ---Kernel debug across all blades |
| dxl calc <> ---Determine
the blade a connection will use. Based on the src and dst pair |
| asg log
<audit|smd|ports> {-b <blade string>} ---View messages from
blade(s) or chassis |
| Image Management |
| show snapshots ---List current
snapshots (gclish) |
| add snapshot <name>
---Create new snapshot (gclish) |
| delete snapshot <name>
---Delete snapshot from respoitory (gclish) |
| set snapshot import
<name> path <path to snapshot> ---Add snapshot to respoitory
(gclish) |
| set global-mode off/on
---Disable global mode for gclish |
| set snapshot export
<name> path <path to export to> ---Export snapshot from
repository (shell) |
| Note: The snapshot cannot
contain .tgz in the name |
| g_snapshot -b <blade
string> revert <snapshot name> ---Revert snapshot on blade(s)
(shell) |
| backup_system backup
<name> ---Create backup package |
| Note this creates 4 separate
files |
| watch -d "g_all dbget
snap:show:progress" ---View snapshot revert progress |
| Gaia Interface and Routes |
| set interface <IF Name>
ipv4-address <IP Address> mask-length <Bit Length> ---Configure
Address on |
| Interface (Physical/VLAN/Bond) |
| set interface <IF Name>
state on/off ---Enable/Disable Interface |
| (Physical/VLAN/Bond) |
| add interface <IF NAME>
vlan <VLAN ID> ---Add VLAN Interface |
| add bonding group <Bond
ID> interface <IF Name> ---Create and Enslave Bonded |
| Interface(s) |
| add interface <IF Name>
alias <Address>/<Mask Length> ---Create Interface Alias |
| set static-route
<Network>/<Netmask> nexthop gateway address <Gateway> on
---Configure Static |
| Route |
| set static-route default
nexthop gateway address <Gateway> on ---Configure Default Route |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| VSX |
| vsx stat [-v] [-l] [id]
---Display VSX status. Verbose output with -v, interface list with -l or
status of single |
| system with VS ID <id>. |
| vsx get ---View current shell
context. |
| vsx set <id> ---Set
context to VS with the ID <id>. |
| vsx sic reset <id>
---Reset SIC for VS ID <id>. |
| file:///C|/Users/kwinfiel/Desktop/CCSE%20ADV%20TS/CLI%20Command%20line%20cheat%20sheet.txt[5/11/2015
9:26:32 AM] |
| cpinfo -x <vs> ---Start
cpinfo collecting data for VS ID <vs>. |
| fw -vs <id> getifs
---View driver interface list for a VS. You can also use the VS name instead
of -vs <id>. |
| fw tab -vs <id> -t
<table> ---View state tables for virtual system <id>. |
| fw monitor -v <id> -e
'accept;' ---View traffic for virtual system with ID <id>. |
| Attn: with fw monitor use -v
instead of -vs |
| In general, a lot of Check
Point's commands do understand the -vs <id> switch. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Provider-1 |
| mdsenv [cma_name] ---Set the
environment variables for MDS oder CMA level. |
| mdsstart [-m|-s] Starts the
MDS and all CMAs (10 at a time). ---Start only the MDS with -m or the CMAs |
| subsequently with -s. |
| mdsstop [-m] ---Stop MDS and
all CMAs or with -m just the MDS. |
| mdsstat [cma_name]|[-m]
---Show status of the MDS and all CMAs or a certain customer's |
| CMA. Use -m for only MDS
status. |
| cpinfo -c <cma>
(Remember to run mdsenv <cma> in advance.) ---Create a cpinfo for the
customer cma <cma>. |
| mcd <directory> ---Quick
cd to $FWDIR/<directory> of the current CMA. |
| mdsstop_customer <cma>
Stop CMA. ---Run mdsenv <cma> in advance. |
| mdsstart_customer <cma>
Start CMA. ---Run mdsenv <cma> in advance |
| mdsconfig MDS replacement for
cpconfig. ---mds_backup Backup binaries and data to current directory. |
| You can exclude files by
specifying them in $MDSDIR/conf/mds_exclude.dat. |
| mds_restore <file>
---Restore MDS backup from file. Notice: you may need to copy |
| mds_backup from
$MDSDIR/scripts/ as well as gtar and gzip from $MDS_SYSTEM/shared/ to the |
| directory with the backup
file. Normally, mds_backup does this during backup |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| VPN & VPN Debugging |
| vpn ver [-k] ---Check VPN-1
major and minor version as well as build number and latest hotfix. Use -k for |
| kernel version. |
| vpn tu ---Start a menu based
VPN TunnelUtil program where you can list and delete Security |
| Associations (SAs) for peers.
vpn shell Start the VPN shell. |
| vpn debug ikeon|ikeoff
---Debug IKE into $FWDIR/log/ike.elg. |
| vpn debug on|off ---Debug VPN
into $FWDIR/log/vpnd.elg. |
| vpn debug trunc ---Truncate
and stamp logs, enable IKE & VPN debug. |
| vpn drv stat ---Show status of
VPN-1 kernel module. |
| vpn overlap_encdom ---Show, if
any, overlapping VPN domains. |
| vpn macutil <user>
---Show MAC for Secure Remote user <user>. |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Site to site VPN
troubleshooting |
| 1. Turn on debugs |
| vpn debug trunc |
| vpn debug on TDERROR_ALL_ALL=5 |
| 2. Run the following command
to reset the tunnel |
| (not needed if you are testing
a Remote Access VPN): |
| vpn tu |
| Then select the option that
reads, |
| Delete all IPsec+IKE SAs for a
given peer (GW) |
| enter your remote GW ip
address |
| exit the utility |
| 3. Try to build the tunnel
back up again, in both directions, |
| attempt to connect from YOUR
NETWORK to a device in |
| the remote encryption domain
and then attempt to connect |
| from THE REMOTE NETWORK to a
device in the local |
| encryption domain. |
| 4. Turn off debugs |
| vpn debug ikeoff |
| vpn debug off |
| debug file location: |
| SecurePlatform -
$FWDIR/log/ike.elg* |
| $FWDIR/log/vpnd.elg* |
| Windows - %FWDIR%\log\ike.elg* |
| %FWDIR%\log\vpnd.elg* |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| FWD -- Logging/Policy debug |
| 1. Turn on debug |
| fw debug fwd on
TDERROR_ALL_ALL=5 |
| 2. Recreate issue |
| 3. Turn off debug |
| fw debug fwd off
TDERROR_ALL_ALL=0 |
| debug file location: |
| SecurePlatform -
$FWDIR/log/fwd.elg |
| Windows - %FWDIR%\log\fwd.elg |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| FWM -- policy/Dashboard/Mgt HA
Sync debug |
| Debug it! |
| 1. Turn on debug |
| fw debug fwm on
TDERROR_ALL_ALL=5 |
| 2. Recreate issue |
| 3. Turn off debug |
| fw debug fwm off
TDERROR_ALL_ALL=0 |
| debug file location: |
| SecurePlatform -
$FWDIR/log/fwm.elg |
| Windows - %FWDIR%\log\fwm.elg |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| CPD --- SIC debug |
| Debug it! |
| 1. Turn on debug |
| cpd_admin debug on
TDERROR_ALL_ALL=5 |
| 2. Recreate issue |
| 3. Turn off debug |
| cpd_admin debug off
TDERROR_ALL_ALL=0 |
| debug file location: |
| SecurePlatform -
$CPDIR/log/cpd.elg |
| Windows - %CPDIR%\log\cpd.elg |
| -------------------------------------------------------------------------------------------------------------------------------- |
