Check Point Troubleshooting and Debugging Tools for Faster Resolution January 24, 2006


IMPORTANT: Check Point recommends that customers stay up-to-date with the latest service packs, HFAs and versions of security products, as they contain security enhancements and protection against new and changing attacks.

In This Section

Mandatory Support Information
FireWall Common debugging
Security Server debugging
VPN debugging
Provider-1 debugging
VPN-1 VSX debugging
ClusterXL debugging
Connectra debugging
FireWall-1 GX debugging
InterSpect debugging
SNX SSL Network Extender debugging
Further Debugging Memory Diagnostics

Mandatory Support Information

The Customer needs to provide the following information to Support when opening a Support Service Request:

1) Problem Description: provide a detailed description of the issue.
2) Network Topology Diagram: provide a comprehensive diagram which illustrates the described problem.
3) Execute CPINFO on the required Check Point component. To create CPINFO, execute:

    % cpinfo -o <Output file>

Over and above the information in the Service Request, it is recommended to do basic debugging. The debugging commands can be found in this document.

Important Comments

In certain specific scenarios, the debugging commands included in this document may need to be supplemented by more advanced debugging procedures. Advanced procedures should be executed in conjunction with the Check Point Escalation engineers.

Debugging should only be performed when the described issue can be captured.

FireWall Common debugging

Kernel debugging

Usage

    % fw ctl debug -buf [buffer size]
    % fw ctl debug [-x] [-m <module>] [+|-] <options | all | 0>
    % fw ctl kdebug -f > <output file>

To disable the Kernel debugging, execute:

    % fw ctl debug -buf 0
    % fw ctl debug -x

Common Syntax

    % fw ctl debug -buf 12288
    % fw ctl debug -m fw conn drop ld packet if
    % fw ctl kdebug -f > <output file>

The ld option may cause high CPU usage. It is advised to use it for short session debugging only.

To run the kernel debug you can also use fw ctl zdebug to allocate the buffer (in which case the buffer can only be 1024).

    % fw ctl zdebug
    % fw ctl kdebug -f > <output file>

User Mode Processes debugging

In This Section

Usage
Debugging CPD
Debugging FWM
Debugging FWD

Check Point Troubleshooting and Debugging Tools for Faster Resolution. Last Update January 24, 2006

Usage

    % fw debug <process name> <on/off> TDERROR_ALL_ALL=<value 1-5>

CPD is treated differently from the other User Mode processes and is debugged differently; see Debugging CPD below.

Debugging CPD

CPD is high in the hierarchical chain and helps to execute many services, such as Secure Internal Communication (SIC), Licensing and status report.

For CPD debug, execute:

    % cpd_admin debug on TDERROR_ALL_ALL=5

The debug file is located under $CPDIR/log/cpd.elg

To stop the CPD debug, execute:

    % cpd_admin debug off TDERROR_ALL_ALL=1

Debugging FWM

The FWM process is responsible for the execution of the database activities of the SmartCenter server. It is, therefore, responsible for Policy installation, Management High Availability (HA) Synchronization, saving the Policy, Database Read/Write action, Log Display, etc.

For FWM debug, execute:

    % fw debug fwm on TDERROR_ALL_ALL=5
    % fw debug fwm on OPSEC_DEBUG_LEVEL=9

The debug file is located under $FWDIR/log/fwm.elg

To stop the FWM debug, execute:

    % fw debug fwm off TDERROR_ALL_ALL=1
    % fw debug fwm off OPSEC_DEBUG_LEVEL=1

Debugging FWD

The FWD process is responsible for logging. It is executed in relation to logging, Security Servers and communication with OPSEC applications.

For FWD debug, execute:

    % fw debug fwd on TDERROR_ALL_ALL=5

The debug file is located under $FWDIR/log/fwd.elg

To stop the FWD debug, execute:

    % fw debug fwd off TDERROR_ALL_ALL=1

FireWall Monitor Network Capturing

The FireWall Monitor is responsible for packet flow analysis. To execute:

    % fw monitor -e "accept;" -o <output file>
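The kernel debugging sequence under FireWall Common debugging, wrapped so that the capture is time-boxed and the disable commands always run afterwards. This is an added example, not Check Point code; FW_CMD, DRY_RUN and the function names run, kdebug_reset and kdebug_session are assumptions of the example, and the default flag set omits ld because of the CPU warning above.

```shell
#!/bin/sh
# Added example (not Check Point code): time-boxed kernel debug capture.
# FW_CMD, DRY_RUN and the function names are assumptions of this example.
FW_CMD="${FW_CMD:-fw}"

# Run a command, or only print it when DRY_RUN=1 (to review the plan first).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# The two "disable" commands from this page: free the buffer, clear all flags.
kdebug_reset() {
    run "$FW_CMD" ctl debug -buf 0
    run "$FW_CMD" ctl debug -x
}

# kdebug_session <output file> <seconds> [fw module flags...]
kdebug_session() {
    [ "$#" -ge 2 ] || { echo "usage: kdebug_session <file> <seconds> [flags]" >&2; return 2; }
    out=$1; secs=$2; shift 2
    case "$secs" in
        ''|*[!0-9]*) echo "seconds must be a whole number" >&2; return 2 ;;
    esac
    # Default flags: the page's common set without "ld" (high CPU usage).
    [ "$#" -gt 0 ] || set -- conn drop packet if
    # Reset the debug state even if the operator interrupts the capture.
    trap 'kdebug_reset; exit 130' INT TERM
    run "$FW_CMD" ctl debug -buf 12288
    run "$FW_CMD" ctl debug -m fw "$@"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$FW_CMD ctl kdebug -f > $out (for ${secs}s)"
    else
        "$FW_CMD" ctl kdebug -f > "$out" &
        pid=$!
        sleep "$secs"
        kill "$pid" 2>/dev/null || true
        wait "$pid" 2>/dev/null || true
    fi
    kdebug_reset
    trap - INT TERM
}

# Stand-alone use: sh kdebug.sh run /var/tmp/kdebug.txt 30 conn drop
if [ "${1:-}" = "run" ]; then
    shift
    kdebug_session "$@"
fi
```

With DRY_RUN=1 the function prints the five commands it would run, which lets the plan be reviewed before touching a production gateway.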

Security Server debugging

Debugging User Authentication

Usage

Debugging is done on the service itself (in.ahttpd, in.atelnetd, in.aftpd etc.)

    % fw debug <process name> on TDERROR_ALL_ALL=5

The debug file is located under $FWDIR/log/ahttpd.elg*, $FWDIR/log/aftpd.elg* or $FWDIR/log/atelnetd.elg*, depending on the service that you are debugging.

HTTP Security Server

For HTTP Security Server debug, execute:

    % fw debug in.ahttpd on TDERROR_ALL_ALL=5
    % fw debug in.ahttpd on OPSEC_DEBUG_LEVEL=3

The debug file is located under: $FWDIR/log/ahttpd.elg*

If more than one HTTP Security Server process is running, execute:

    % fw kill fwd
    % setenv TDERROR_ALL_ALL 5
    % setenv OPSEC_DEBUG_LEVEL 3
    % fwd -d >& <output file> &

Note - The setenv commands used above apply to a Unix environment. For other platforms, execute the relevant command.

SMTP Security Server

To debug the SMTP Security Server, execute:

    % fw debug in.asmtpd on TDERROR_ALL_ALL=5

The debug file is located under $FWDIR/log/asmtpd.elg*

To debug the mdq, execute the following command:

    % fw debug mdq on TDERROR_ALL_ALL=5

The debug file is located under $FWDIR/log/mdq.elg*

Debugging Session Authentication

To debug Session Authentication, execute:

    % fw debug in.asessiond on TDERROR_ALL_ALL=5

The debug file is located under: $FWDIR/log/asessiond.elg*

Debugging Client Authentication

For HTTP to port 900, execute:

    % fw debug in.ahclientd on TDERROR_ALL_ALL=5

For Telnet to port 259, execute:

    % fw debug in.aclientd on TDERROR_ALL_ALL=5

The debug file is located under: $FWDIR/log/ahclientd.elg*

VPN debugging

On the Module

To start, execute:

    % vpn debug trunc

This command is equivalent to these two commands: vpn debug on, vpn debug ikeon.

To stop, execute:

    % vpn debug off; vpn debug ikeoff

The debug file is located under $FWDIR/log/ike.elg and $FWDIR/log/vpnd.elg

FireWall Monitor for packet flow analysis

    % fw monitor -e "accept;" -o <output file>

Client Side

The Client side can only run under the root directory (C:/).

To start, execute:

    % sc debug on

To stop, execute:

    % sc debug off

The debug file is sr_service_tde.log, located under the SecuRemote installation folder, for example: C:\Program files\checkpoint\securemote.

For packet capture from the Client side, execute:

    % srfw monitor -e "accept;" -o <output file>

Provider-1 debugging

MDS Level

Most of the MDS actions are performed by the MDS's fwm process. To debug it, execute:

    % mdsenv
    % fw debug mds on TDERROR_ALL_ALL=5
    % fw debug mds on OPSEC_DEBUG_LEVEL=9

The debug file is located under /opt/cpsuit-r60/fw1/log/mds.elg

CMA Level

See FireWall Common debugging.

VPN-1 VSX debugging

See FireWall Common debugging; refer to either user mode or kernel debugging, as necessary.

ClusterXL debugging

For ClusterXL debugging of Clustering, Synchronization, High Availability and Fail-over, execute:

    % cphaprob state
    % cphaprob -ia list
    % cphaprob -a if
    % fw ctl pstat

Kernel debug for packet filter analysis

    % fw ctl debug -buf 12288
    % fw ctl debug -m fw conn drop packet if sync
    % fw ctl debug -m cluster all
    % fw ctl kdebug -f > <output file>

Connectra debugging

For Connectra issues relating to Web, files, Webmail, OWA, iNotes and Citrix, the httpd process should be debugged.

To turn the debug on, change LogLevel to debug in $CVPNDIR/conf/httpd.conf, then restart the process:

    % cvpnrestart

The output is located at: $CVPNDIR/log/httpd.log

For debugging authentication issues, debug cvpnd. Run:

    % cvpnd_admin debug set TDERROR_ALL_ALL=5

To start, execute:

    % cvpnrestart

The debug file is located under $CVPNDIR/log/cvpnd.elg

To stop debug, run:

    % cvpnd_admin debug off

FireWall-1 GX debugging

See FireWall Common debugging.

Kernel debug for packet filter analysis

    % fw ctl debug -buf 12288
    % fw ctl debug -m fw conn drop ld packet filter
    % fw ctl kdebug -T -f > <output file>

InterSpect debugging

Kernel debug for packet filter analysis

    % fw ctl debug -buf 12288
    % fw ctl debug -m fw conn drop packet if
    % fw ctl kdebug -f > <output file>

Additional kernel debug options for InterSpect:

portscan, for port scanning issues
dynlog, for dynamic logging
mail, for mail security in the kernel
sam, for SAM IP address blocking

Kernel debug for Packet Drop, execute:

    % fw ctl zdebug + drop

Kernel debug for SmartDefense TCP Streaming, execute:

    % fw ctl zdebug + tcpstr + cifs

Kernel debug for Dynamic list (SAM), execute:

    % fw tab -t sam_requests_v2 -u -f
    % fw samp

SNX SSL Network Extender debugging

Server Side

    % vpn debug trunc
    % vpn debug on slim=5

Debug can be found at $FWDIR/log/vpnd.elg. You should execute vpn debug on [DEBUG_TOPIC=5]. The relevant debug topics are: proxy, rasta, rasta_protocol and slim.

Client Side

For the service: type regedit at the command prompt and set

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpextender\parameters\dbg_level

to 5.

Open the Command Line interface window and execute:

    % net stop cpextender
    % net start cpextender

(or kill slimsvc.exe)

The debug file is located under: %Program Files%\CheckPoint\SSL Network Extender\slimsvc.log

For the ActiveX (only when using ActiveX with Internet Explorer): type regedit at the command prompt and set

    HKEY_CURRENT_USER\Software\CheckPoint\SSL Network Extender\parameters\dbg_level

to 5.

The debug file is located under %APPDATA%\Check Point\extender\activex.log.

For the Applet (when using the Applet version): SNX can be used by Microsoft JVM or by other vendors (SUN, IBM). To view the Java console when using Microsoft JVM, check "Java console enabled (requires restart)" in the Internet Options Advanced tab and restart Internet Explorer. You can also switch between the different JVMs (in case you have two or more) in the same tab.

Further Debugging Memory Diagnostics

The following utilities apply to all non-Windows systems supported by Check Point:

    % free
    % vmstat 2 10
    % sar -k 2 10
    % top
    % ps -auxw
    % cat /proc/meminfo
    % cat /proc/slabinfo

Routing information

    % arp -a
    % netstat -ie
    % netstat