|
|
|
To see the available SecureXL debug modules and their debug flags, run: fwaccel dbg
Flag |
Description |
|---|---|
|
Connection accounting information |
|
Anticipated connections |
|
Configuration of the SecureXL (for example, interfaces) |
|
Processing of connections |
|
Processing of connections |
|
Correction layer |
|
Currently not in use |
|
Deletion of connections |
|
Driver information |
|
General errors |
|
Processing of GTP tunnel connections |
|
Processing of GTP tunnel packets |
|
Hash table |
|
Allocating IDs for a given range in Identity Awareness |
|
Initialization |
|
Changes in the configuration, which were initiated from the user space |
|
Connection table iterator |
|
Driver information |
|
Lock initializing and finalizing |
|
Processing of NAT connections |
|
Offloading of connections from the Firewall to the SecureXL |
|
Connections queue |
|
Related connections (such as FTP data connections) |
|
Handling of SecureXL ranges |
|
Printing of SecureXL ranges |
|
Handling of SecureXL routing |
|
Handling of SecureXL statistics |
|
Registering templates or connections for System Counters in Security Gateway object in SmartConsole |
|
Tags that were added to the packets by the SecureXL before forwarding them to the Firewall |
|
Verification of sequence in TCP packets |
|
Updates of connections |
|
Utilization |
Flag |
Description |
|---|---|
|
Connection accounting information |
|
Mirror and Decrypt feature - Mirror only of all traffic |
|
Correction layer |
|
ClusterXL Load Sharing |
|
Packet delivery |
|
Packets dropped by SecureXL |
|
General errors |
|
Reason for forwarding a packet to the Firewall |
|
Processing of fragments |
|
Processing of NAT connections |
|
Notifications sent to the Firewall |
|
Processing of packets |
|
PXL (PacketXL) handling - API between the SecureXL and PSL (Packet Streaming Layer), which is a TCP Streaming engine that parses TCP streams |
|
QoS acceleration |
|
Handling of SecureXL routing |
|
Handling of SecureXL Anti-Spoofing |
|
Validation of sequence in TCP packets |
|
Validation of TCP state in TCP packets |
|
Validation of TCP packets |
|
Currently not in use |
|
Handling of VLAN tags |
|
Handling of WRP interfaces in VSX |
Flag |
Description |
|---|---|
|
Anticipated connections |
|
Deleting of data from the SecureXL database |
|
General errors |
|
Retrieving of data from the SecureXL database |
|
Initializing and finalizing of SecureXL database |
|
"No Match Ranges" templates, which allow SecureXL Accept Templates for rules that contain Dynamic objects or Domain objects (or for rules located below such rules) |
|
"No Match Time" templates, which allow SecureXL Accept Templates for rules that contain Time objects (or for rules located below such rules) |
|
Operations on profile table |
|
Saving of data to the SecureXL database |
|
Handling of timeouts for SecureXL database entries |
|
Handling of SecureXL templates database |
Flag |
Description |
|---|---|
|
Connection accounting information |
|
Adding of connections |
|
Offloading of VPN SA to SecureXL |
|
Configuration of the SecureXL (for example, interfaces) |
|
Deletion of connections |
|
Deletion of all VPN SAs from SecureXL |
|
Deletion of the SecureXL Templates |
|
Deletion of VPN SA from SecureXL |
|
General errors |
|
Getting features buffer (in SecureXL initialization) |
|
Retrieving of SecureXL statistics |
|
Getting the connection state from SecureXL |
|
Some extra printouts when processing SecureXL tables |
|
Processing of GTP tunnel connections |
|
SecureXL infrastructure |
|
Enabling and disabling of SecureXL |
|
Prints additional verbose information about connections |
|
Prints additional information about SecureXL internals |
|
Notifications sent to the Firewall |
|
PXL (PacketXL) handling - API between the SecureXL and PSL (Packet Streaming Layer), which is a TCP Streaming engine that parses TCP streams |
|
QoS acceleration |
|
Prints statistics IDs that are reset |
|
Handling of SecureXL statistics |
|
Validation of sequence in TCP packets |
|
Tags that were added to the packets by the SecureXL before forwarding them to the Firewall |
|
Handling of SecureXL Templates |
|
Information about SecureXL Templates |
|
Update of SecureXL in ClusterXL Load Sharing |
|
Prints some text that shows if SecureXL updated information about interfaces |
|
Updates of VPN Link Selection |
|
Updates of connections |
|
Processing of VPN connection |
Flag |
Description |
|---|---|
|
Prints additional information |
|
Information about Bond interfaces |
|
Information about packet processing in the backplane |
|
Information about packet processing in the backplane |
|
Information about packet drops in the backplane |
|
General errors |
|
Information about ports from the acceleration card's point of view |
|
Information about ports from the Host Security Appliance's point of view |
|
Information about interfaces |
|
Information about slots and ports |
|
Information about slots |
|
Information about packet processing in the backplane |
|
Information about packet processing in the backplane |
|
Handling of next hop routing |
|
Handling of general routing |
|
Handling of WRP interfaces in VSX |
|
Events in the known neighbors database |
|
Information about slots |
Flag |
Description |
|---|---|
|
General errors |
|
Pattern Matcher |
|
Reordering of packets in queue |
Flag |
Description |
|---|---|
|
Updating, adding, deleting of identities |
|
Updating, fetching, searching of identities |
|
General errors |
|
Identity Tags |
|
Changes in the configuration, which were initiated from the user space |
|
Network Access Control |
|
Offloading of connections from the Firewall to the SecureXL |
|
Forwarding of connections to Firewall (when identity is not found or revoked, or NAC packet tagging verification failed) |
|
NAC packet-tagging verification |
|
Signing of packets |
Flag |
Description |
|---|---|
|
General errors |
|
VPN Link Selection |
|
VPN Encryption routing information |
|
Processing of VPN connections |
|
Processing of VPN packets |
Flag |
Description |
|---|---|
|
Information about queue buffers |
|
Information about queue clients |
|
General errors |
|
Information about expiration of queue items |
|
Initializing of queue |
|
Currently not in use |
|
Information about queue servers |
|
Information about sending messages in queue |
|
Additional information about sending messages in queue |
Flag |
Description |
|---|---|
|
Detailed tracing of DoS Rate Limiting logic in the packet flow. Important - This debug flag is not suitable for large traffic volumes because it prints a large number of messages. This causes high load on the CPU. |
|
Dropped packets |
|
General errors |
|
Information about DoS Rate Limiting configuration in the Firewall kernel module |
|
Information about DoS Rate Limiting packet flow in the Firewall kernel module |
|
Information about DoS Rate Limiting configuration in the SecureXL kernel module |
|
Information about DoS Rate Limiting packet flow in the SecureXL kernel module |
Flag |
Description |
|---|---|
|
Receiving and updating of Accelerated SYN Defender module's configuration |
|
Handling of TCP connections |
|
General errors |
|
Initializing of the Accelerated SYN Defender module |
|
Prints time of the last sent monitor log and interval between the monitor logs |
|
Information about internal messages in the Accelerated SYN Defender module |
|
Handling of TCP packets |
|
Currently not in use |
|
Information about states of the Accelerated SYN Defender module |
Flag |
Description |
|---|---|
|
General errors |
|
Getting of Drop Templates |
|
Notifications about Drop Templates |
|
Information about Drop Templates |
