https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49436#M86801 Thank you a lot!<BR />But what about internal error records on the gateway, is there any file, which might be helpful to determine the problem? Mon, 01 Apr 2019 11:12:56 GMT Egor_Cherkasov 2019-04-01T11:12:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49424#M86799 <P>Hello colleagues,</P><P>There is a problem on R77.30 with HTTPS inspection, the gw is blocking everything.</P><P>The reason is: internal system occured, blocking request. See SK64162 for more information.</P><P>Unfortunately, nothing helped in this SK, so I collected a CPinfo to analyze it.</P><P>Where can I find any internal files, log files that are related to the issue?</P><P>I don't mean debugs, that's understandable. I'd like to figure out why the CP started to block it once.</P><P>&nbsp;</P><P>Thank you for your time!</P> Mon, 01 Apr 2019 11:10:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49424#M86799 Egor_Cherkasov 2019-04-01T11:10:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49432#M86800 <P>This error is usually connected to a blade, e.g. SmartLog search using</P> <P>blade:"URL Filtering" AND "internal error"</P> <P>or</P> <P>blade:"Application Control" AND "internal error"</P> <P>Also, Content Awareness or userspace RAD could be involved.</P> <P>&nbsp;</P> Mon, 01 Apr 2019 10:43:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49432#M86800 G_W_Albrecht 2019-04-01T10:43:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49436#M86801 Thank you a lot!<BR />But what about internal error records on the gateway, is there any file, which might be helpful to determine the problem? Mon, 01 Apr 2019 11:12:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49436#M86801 Egor_Cherkasov 2019-04-01T11:12:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49438#M86802 <P>For HTTPS Inspection there are gateway components in both process space and kernel space.&nbsp; The initial HTTPS negotiation between the firewall and Internet web server(s) starts in process space (wstlsd/pkxld) and that is usually where issues are encountered.&nbsp; Check out this log file:&nbsp; $FWDIR/log/wstlsd.elg; probably also worth looking in $FWDIR/log/fwd.elg and /var/log/messages* to see if anything interesting is getting written into these files.&nbsp; If you see any messages in wstlsd.elg that indicate a problem and need more debugging info go here: <A class="cp_link sc_ellipsis" style="max-width: 840px;" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105559&amp;partition=Advanced&amp;product=HTTPS" target="_blank">sk105559: How to <STRONG>debug</STRONG> the <STRONG>WSTLSD</STRONG> daemon.</A></P> <P>On 64-bit Gaia there is also a companion process to wstlsd called pkxld that leverages the 64-bit mode of the processor along with other hardware-based acceleration capabilities for key calculations and such.&nbsp; I don't think there is a log file for this daemon, but if you think the problem is located here this daemon can be disabled to force all key calculations to occur back in wstlsd (just like they would be in 32-bit Gaia) by doing a <STRONG>touch $FWDIR/conf/pkxl_disable</STRONG> and rebooting.</P> <P>For HTTPS kernel debugs the main module and option/flag for use with <STRONG>fw ctl debug</STRONG> is fw and cptls respectively.&nbsp; For instructions about how to run a kernel debug in R77.30 see here: <SPAN><A class="cp_link sc_ellipsis" style="max-width: 840px;" href="http://downloads.checkpoint.com/dc/download.htm?ID=41899" target="_blank" rel="noopener">Kernel Debug flags - R77.30</A></SPAN></P> <P>&nbsp;</P> Mon, 01 Apr 2019 11:17:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49438#M86802 Timothy_Hall 2019-04-01T11:17:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49439#M86803 Thank you very much Timothy! That's what I've been looking for. Mon, 01 Apr 2019 11:26:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49439#M86803 Egor_Cherkasov 2019-04-01T11:26:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49456#M86804 <P>An<SPAN> internal error due to categorization service timeout would need a RAD debug:</SPAN></P> <P data-aura-rendered-by="3748:0"># rad_admin rad debug on all</P> <P data-aura-rendered-by="3748:0">******************Replicate***************<BR clear="none" /><BR clear="none" /># rad_admin rad debug off<BR clear="none" /><BR clear="none" />Collect: $FWDIR/log/rad.elg*</P> Mon, 01 Apr 2019 12:26:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/HTTPS-Inspection-logs-location/m-p/49456#M86804 G_W_Albrecht 2019-04-01T12:26:16Z