Troubleshooting

For the most common troubleshooting issues, refer to ATRG: CME (Cloud Management Extension) for CloudGuard.

General troubleshooting guidelines

Run these commands on the Security Management Server or Multi-Domain Server (in the Expert mode) to test the CME service.

Command

Description

service cme stop

Stops the main CME service.

service cme test

Starts the test.

Examines the output of this command to confirm that the setup works properly.

service cme start

Starts the main CME service (it if was stopped before the test).

  • Make sure that the clock on the Security Management Server is set correctly.

    The best way to set the clock is with the NTP.

    You need a synchronized clock to make API calls into a cloud environment.

  • Review logs are created by the CME on the Management Server:

    /var/log/CPcme/cme.log*

  • To enable or disable Debug mode:

    1. Connect to the command line on the Security Management Server.

    2. Log in to the Expert mode.

    3. Launch the CME menu:

      cme_menu

    4. Navigate to Debug Mode.

    5. Select Enable Debug mode.

    Note - The Debug mode significantly increases the number of logs messages written to the CME log files.

CME Log Collector

When contacting Check Point Support, collect the CME files using CME Log Collector (supported in CME Take 155 and higher).

CME Log Collector is a utility that collects CME important files into a single TGZ file.

This file allows analyzing customer setups from a remote location.

To use it:

  1. Connect to the command line on the Security Management Server.

  2. Log in to the Expert mode.

  3. Launch the CME menu:

    cme_menu

  4. Navigate to Debug Mode.

  5. Select CME Log Collecting.

  6. Select a path for the file

Best Practice - We recommend to enable CME debug mode for a few CME cycles before collecting CME files.