SecureXL Debug Procedure

By default, SecureXLClosed Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. writes the output debug information to the /var/log/messages file.

To collect the applicable SecureXL debug and to make its analysis easier, follow the steps below.

Note - For the complete debug procedure, see the R81.20 Quantum Security Gateway Guide - Chapter "Kernel Debug".

Important:

Procedure

  1. Use an SSH or a console connection.

    Best Practice - Use a console connection.

    Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

  2. If the default shell is Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)., run:

    expert

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug 0

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug 0

    • On the Security Gateway / each Cluster Member:

      fwaccel dbg resetall

    • On the Scalable Platform Security Group:

      g_fwaccel dbg resetall

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug -buf 8200 [-v {"<List of VSIDs>" | all}]

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug -buf 8200 [-v {"<List of VSIDs>" | all}]

    Note - The optional part "-v {"<List of VSIDs>" | all}" is to specify the applicable Virtual Systems on a VSX GatewayClosed Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. or VSXClosed Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Cluster Member.

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug | grep buffer

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug | grep buffer

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug -m <Name of Kernel Debug Module> {all | + <Kernel Debug Flags>}

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug -m <Name of Kernel Debug Module> {all | + <Kernel Debug Flags>}

    • On the Security Gateway / each Cluster Member:

      fwaccel dbg -m <Name of SecureXL Debug Module> {all | + <SecureXL Debug Flags>}

    • On the Scalable Platform Security Group:

      g_fwaccel dbg -m <Name of SecureXL Debug Module> {all | + <SecureXL Debug Flags>}

    See SecureXL Debug Modules and Debug Flags.

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug

    • On the Security Gateway / each Cluster Member:

      fwaccel dbg list

    • On the Scalable Platform Security Group:

      g_fwaccel dbg list

  11. Important:

    • This step makes sure that you collect the debug of the real issue that is not affected by the existing connections.

    • This command deletes all existing connections. This interrupts all connections, including the SSH.

      Run this command only if you are connected over a serial console to your Security Gateway / each Cluster Member / Scalable Platform Security Group Members.

    • On the Security Gateway / each Cluster Member, run:

      fw tab -t connections -x -y

    • On the Scalable Platform Security Group, run:

      g_fw tab -t connections -x -y

  12. Note - This command does not interrupt the existing connections. This step makes sure that you collect the debug of the real issue that is not affected by the existing connection templates.

    • On the Security Gateway / each Cluster Member, run:

      fw tab -t cphwd_tmpl -x -y

    • On the Scalable Platform Security Group, run:

      g_fw tab -t cphwd_tmpl -x -y

  13. In Gateway mode:

    • On the Security Gateway / each Cluster Member, run:

      fw ctl kdebug -T -f -o /var/log/kernel_debug.txt

    • On the Scalable Platform Security Group, run:

      g_fw ctl kdebug -T -f -o /var/log/kernel_debug.txt

    In VSX mode - for specific Virtual Systems:

    • On the VSX Gateway / each VSX Cluster Member, run:

      fw ctl kdebug -v {"<List of VSIDs>" | all} -k -T -f -o /var/log/kernel_debug.txt

    • On the Scalable Platform Security Group in VSX mode, run:

      g_fw ctl kdebug -v {"<List of VSIDs>" | all} -k -T -f -o /var/log/kernel_debug.txt

  14. Perform the steps that cause the issue to occur, or wait for it to occur.

  15. Press CTRL+C.

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug 0

    • On the Scalable PlatformSecurity Group, run:

      g_fw ctl debug 0

    • On the Security Gateway / each Cluster Member:

      fwaccel dbg resetall

    • On the Scalable PlatformSecurity Group:

      g_fwaccel dbg resetall

    • On the Security Gateway / each Cluster Member, run:

      fw ctl debug

    • On the Scalable Platform Security Group, run:

      g_fw ctl debug

    • On the Security Gateway / each Cluster Member:

      fwaccel dbg list

    • On the Scalable Platform Security Group:

      g_fwaccel dbg list

  20. Transfer these files from the Security Gateway / each Cluster Member / each Security Group Member to your computer:

    /var/log/kernel_debug.txt

    /var/log/messages*

    $FWDIR/log/fwk.elg*

    /var/log/usim_x86.elg*

    Best Practice - Compress these files with the "tar -zxvf" command and transfer the archive from the Security Gateway / each Cluster Member / each Security Group Member to your computer. If you transfer to an FTP server, do so in the binary mode.