Troubleshooting

For the most common troubleshooting issues, refer to ATRG: CME (Cloud Management Extension) for CloudGuard.

General troubleshooting guidelines

Run these commands on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. (in the Expert mode) to test the CME service.

Command

Description

service cme stop

Stops the main CME service.

service cme test

Starts the test.

Examines the output of this command to confirm that the setup works properly.

service cme start

Starts the main CME service (it if was stopped before the test).

  • Make sure that the clock on the Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. is set correctly.

    The best way to set the clock is with the NTP.

    You need a synchronized clock to make API calls into a cloud environment.

  • Review logs are created by the CME on the Management Server:

    /var/log/CPcme/cme.log*

  • To enable or disable Debug mode:

    1. Connect to the command line on the Security Management Server.

    2. Log in to the Expert mode.

    3. Launch the CME menu:

      cme_menu

    4. Navigate to Debug Mode.

    5. Select Enable Debug mode.

    Note - The Debug mode significantly increases the number of logs messages written to the CME log files.

CME Log Collector

When contacting Check Point Support, collect the CME files using CME Log Collector (supported in CME Take 155 and higher).

CME Log Collector is a utility that collects CME important files into a single TGZ file.

This file allows analyzing customer setups from a remote location.

To use it:

  1. Connect to the command line on the Security Management Server.

  2. Log in to the Expert mode.

  3. Launch the CME menu:

    cme_menu

  4. Navigate to Debug Mode.

  5. Select CME Log Collecting.

  6. Select a path for the file

Best Practice - We recommend to enable CME debug mode for a few CME cycles before collecting CME files.