Print Download PDF Send Feedback

Previous

Next

fwaccel dbg

Description

This command controls the SecureXL debug. See SecureXL Debug.

Important - In Cluster, you must configure the SecureXL in the same way on all the Cluster Members.

Syntax

fwaccel dbg

-h

-m <Name of SecureXL Debug Module>

all

+ <Debug Flags>

- <Debug Flags>

reset

-f {"<5-Tuple Debug Filter>" | reset}

list

resetall

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-m <Name of SecureXL Debug Module>

Specifies the name of the SecureXL debug module.

To see the list of available debug modules, run:

fwaccel dbg

all

Enables all debug flags for the specified debug module.

+ <Debug Flags>

Enables the specified debug flags for the specified debug module:

Syntax:

+ Flag1 [Flag2 Flag3 ... FlagN]

Note - You must press the space bar key after the plus (+) character.

- <Debug Flags>

Disables all debug flags for the specified debug module.

Syntax:

- Flag1 [Flag2 Flag3 ... FlagN]

Note - You must press the space bar key after the minus (-) character.

reset

Resets all debug flags for the specified debug module to their default state.

-f "<5-Tuple Debug Filter>"

Configures the debug filter to show only debug messages that contain the specified connection.

The filter is a string of five numbers separated with commas:

"<Source IP Address>,<Source Port>,<Destination IP Address>,<Destination Port>,<Protocol Number>"

Notes:

  • You can configure only one debug filter at one time.
  • You can use the asterisk "*" as a wildcard for an IP Address, Port number, or Protocol number.
  • For more information, see IANA - Port Numbers and IANA - Protocol Numbers.

-f reset

Resets the current debug filter.

list

Shows all enabled debug flags in all debug modules.

resetall

Reset all debug flags for all debug modules to their default state.

Example 1 - Default output

[Expert@MyGW:0]# fwaccel dbg

Usage: fwaccel dbg [-m <...>] [resetall | reset | list | all | +/- <flags>]

-m <module> - module of debugging

-h - this help message

resetall - reset all debug flags for all modules

reset - reset all debug flags for module

all - set all debug flags for module

list - list all debug flags for all modules

-f reset | "<5-tuple>" - filter debug messages

+ <flags> - set the given debug flags

- <flags> - unset the given debug flags

 

List of available modules and flags:

 

Module: default (default)

err init drv tag lock cpdrv routing kdrv gtp tcp_sv gtp_pkt svm iter conn htab del update acct conf stat queue ioctl corr util rngs relations ant conn_app rngs_print infra_ids offload nat

 

Module: db

err get save del tmpl tmo init ant profile nmr nmt

 

Module: api

err init add update del acct conf stat vpn notif tmpl sv pxl qos gtp infra tmpl_info upd_conf upd_if_inf add_sa del_sa del_all_sas misc get_features get_tab get_stat reset_stat tag long_ver del_all_tmpl get_state upd_link_sel

 

Module: pkt

err f2f frag spoof acct notif tcp_state tcp_state_pkt sv cpls routing drop pxl qos user deliver vlan pkt nat wrp corr caf

 

Module: infras

err reorder pm

 

Module: tmpl

err dtmpl_get dtmpl_notif tmpl

 

Module: vpn

err vpnpkt linksel routing vpn

 

Module: nac

err db db_get pkt pkt_ex signature offload idnt ioctl nac

 

Module: cpaq

init client server exp cbuf opreg transport transport_utils error

 

Module: synatk

init conf conn err log pkt proxy state msg

 

Module: adp

err rt nh eth heth wrp inf mbs bpl bplinf mbeinf if drop bond xmode ipsctl xnp

 

Module: dos

fw1-cfg fw1-pkt sim-cfg sim-pkt err detailed drop

 

[Expert@MyGW:0]#

Example 2 - Enabling and disabling of debug flags

[Expert@MyGW:0]# fwaccel dbg -m default + err conn

Debug flags updated.

[Expert@MyGW:0]#

[Expert@MyGW:0]# fwaccel dbg list

 

Module: default (2001)

err conn

 

Module: db (1)

err

 

Module: api (1)

err

 

Module: pkt (1)

err

 

Module: infras (1)

err

 

Module: tmpl (1)

err

 

Module: vpn (1)

err

 

Module: nac (1)

err

 

Module: cpaq (100)

error

 

Module: synatk (0)

 

 

Module: adp (1)

err

 

Module: dos (10)

err

 

Debug filter not set.

[Expert@MyGW:0]#

[Expert@MyGW:0]# fwaccel dbg -m default - conn

Debug flags updated.

[Expert@MyGW:0]#

[Expert@MyGW:0]# fwaccel dbg list

 

Module: default (1)

err

 

Module: db (1)

err

 

Module: api (1)

err

 

Module: pkt (1)

err

 

Module: infras (1)

err

 

Module: tmpl (1)

err

 

Module: vpn (1)

err

 

Module: nac (1)

err

 

Module: cpaq (100)

error

 

Module: synatk (0)

 

 

Module: adp (1)

err

 

Module: dos (10)

err

 

Debug filter not set.

[Expert@MyGW:0]#

[Expert@MyGW:0]# fwaccel dbg -m default reset

Debug flags updated.

[Expert@MyGW:0]#

Example 3 - Resetting all debug flags in all debug modules

[Expert@MyGW:0]# fwaccel dbg resetall

Debug state was reset to default.

[Expert@MyGW:0]#

Example 4 - Configuring debug filter for an SSH connection from 192.168.20.30 to 172.16.40.50

[Expert@MyGW:0]# fwaccel dbg -f 192.168.20.30,*,172.16.40.50,22,6

Debug filter was set.

[Expert@MyGW:0]#

[Expert@MyGW:0]# fwaccel dbg list

 

... ...

 

Debug filter: "<*,*,*,*,*>"

[Expert@MyGW:0]#

27 December 2020
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2020 Check Point Software Technologies Ltd. All rights reserved.