cvpnd_admin

Description

Changes the behavior of the Mobile Access cvpnd process.

Syntax

cvpnd_admin

      appMonitor status

      clear_kernel_tables

      clear_portal_cache

      debug <options>

      ics_update

      isEnabled

      license <options>

      policy [{graceful | hard}]

      revoke <Certificate Serial Number>

Parameters

Parameter

Description

appMonitor <options>

Controls the Application Monitor.

The Application Monitor is a software component that monitors internal servers to track their up time.

If problems are found, a system alert log is created.

The available <options> are:

  • restart - Restarts the Application Monitor.

  • start - Start the Application Monitor.

  • status - Shows the status of the Application Monitor feature, the applications monitored by the Application Monitor and their status.

  • stop - Stops the Application Monitor.

clear_kernel_tables

Clears all Mobile Access kernel tables.

clear_portal_cache

Clears the cache for the applications presented in the Mobile Access Portal for all open sessions.

debug set TDERROR_ALL_ALL=5

Enables all cvpnd debug output for the running cvpnd process.

The output is in the $CVPNDIR/log/cvpnd.elg file.

Note - When you enable all debug topics, it might impact the performance. Debug topics are provided by Check Point Support.

debug off

Disables all cvpnd debug output.

debug trace on

debug trace users=<Username>

The TraceLogger feature generates full captures of incoming and outgoing authenticated Mobile Access traffic.

The output is saved in the $CVPNDIR/log/trace_log/ directory.

  • debug trace on - Enables the TraceLogger feature for all users.

  • debug trace users=<Username> - Enables the TraceLogger feature for a specified username

Important:

  • The TraceLogger feature has a major effect on performance, because all traffic is saved as files.

  • The TraceLogger feature uses a lot of disk space, because all traffic is saved as files. After a maximum number of files is saved, the oldest files are removed from the disk, which also has a performance cost.

  • The TraceLogger feature creates a security concern: end-user passwords that are sent to internal resources might appear in the capture files.

ics_update

Updates the Mobile Access services after you published a new ICS update.

isEnabled

Checks if Mobile Access is enabled by policy.

license <options>

Shows Mobile Access license count and status:

  • all - Shows information about the MOB and MOBMAIL licenses.

  • mob - Shows information about the MOB license.

  • mobmail - Shows information about the MOBMAIL license.

policy [{graceful | hard}]

Updates the Mobile Access services according to the current policy:

  • policy - For Apache services, each httpd process waits until its current request is finished, then exits.

  • policy graceful - For Apache services, each httpd process waits until its current request is finished, then exits.

  • policy hard - For Apache services, all httpd processes exit immediately, terminating all current http requests.

revoke <Certificate Serial Number>

Notifies about revocation of a certificate with a given serial number.