https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/84600#M6517 <P>Hi Phoneboy,</P><P>This solution is not for me required.</P><P>&nbsp;</P><P>i want to see dropped packets filtering one ip in clish.</P><P>&nbsp;</P><P>Best regards.</P> Fri, 08 May 2020 15:54:19 GMT juanmoreno 2020-05-08T15:54:19Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74108#M5721 <P>Dear all,</P><P>&nbsp;</P><P>In our old enviroment, i had right to run expert mode and when i needed to check dropped packets from a single ip i used to run "fw ctl zdebug drop | grep x.x.x.x"</P><P>&nbsp;</P><P>Now we have a new enviroment on multidomain and i have no expert access to my gw. My problem is that when i run a fwmonitor i can´t&nbsp; grep cause that is for expert mode.</P><P>&nbsp;</P><P>I´have look a lot of official information about fw monitor and i´m sure that is not possible to do.</P><P>My question is:</P><P>Is any way to see in real-time the dropped packets running cli? ( no expert mode)</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 04 Feb 2020 12:30:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74108#M5721 juanmoreno 2020-02-04T12:30:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74393#M5722 At a high level you could achieve similar functionality with an extended command pointing to a shell script.<BR />The shell script would take the desired IP as input and run the necessary command with the argument.<BR />You then configure an extended command to point to this script.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86583" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk86583</A> Fri, 07 Feb 2020 05:17:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74393#M5722 PhoneBoy 2020-02-07T05:17:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74643#M5744 <P>Hi Phoneboy,</P><P>Let me check your info and i tell you what i can get.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 10 Feb 2020 10:13:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74643#M5744 juanmoreno 2020-02-10T10:13:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74680#M5753 <P>Hi <a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/33846">@juanmoreno</a>,</P> <P>With R80.30 you can alternatively use the following command in clish:-)</P> <P>clish&gt; <FONT color="#FF0000"><STRONG>fw ctl zdebug monitor all<BR /><BR /></STRONG><FONT color="#000000">or </FONT><BR /></FONT></P> <P><FONT color="#000000">clish&gt; <STRONG>fw ctl zdebug drop</STRONG></FONT></P> <P><FONT color="#000000"><SPAN style="color: #ff0000;">fw ctl zdebug</SPAN></FONT> is a powertool that is not exhausted from being used with "fw ctl zdebug drop". There is not much to be found in Check Point KB or in the documentation. "fw ctl zdebug" is an R&amp;D tool for testing software in development. Therefore, the insert should be used with care. It starts a debugging in the background until it is aborted with CTRL+C. On productive systems it can have a <FONT color="#FF0000"><STRONG>high performance impact</STRONG></FONT>. Furthermore, the debug buffer is not the largest.</P> <P>More read here:</P> <P><A href="https://community.checkpoint.com/docs/DOC-2982-fw-ctl-zdebug-helpful-command-combinations" target="_blank" rel="noopener">"fw ctl zdebug" Helpful Command Combinations</A></P> Mon, 10 Feb 2020 13:31:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/74680#M5753 HeikoAnkenbrand 2020-02-10T13:31:45Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/84597#M6516 <P>Hi,</P><P>but with this option im not able to filter by one ip, source or destination.</P><P>&nbsp;</P><P>Do you know what i mean?</P><P>Best regards</P><P>&nbsp;</P> Fri, 08 May 2020 15:48:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/84597#M6516 juanmoreno 2020-05-08T15:48:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/84600#M6517 <P>Hi Phoneboy,</P><P>This solution is not for me required.</P><P>&nbsp;</P><P>i want to see dropped packets filtering one ip in clish.</P><P>&nbsp;</P><P>Best regards.</P> Fri, 08 May 2020 15:54:19 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/fw-monitor-see-drop-packets/m-p/84600#M6517 juanmoreno 2020-05-08T15:54:19Z