fw monitor - see drop packets

Dear all,

In our old environment, I had the right to run expert mode, and when I needed to check dropped packets from a single IP I used to run "fw ctl zdebug drop | grep x.x.x.x".

Now we have a new environment on multi-domain and I have no expert access to my gateway. My problem is that when I run fw monitor I can't grep, because that is for expert mode.

I have looked at a lot of official information about fw monitor and I'm sure that it is not possible to do.

My question is:

Is there any way to see the dropped packets in real time from the CLI (no expert mode)?

Accepted Solutions

Re: fw monitor - see drop packets

Hi @juanmoreno,

With R80.30 you can alternatively use the following command in clish :-)

clish> fw ctl zdebug monitor all

or

clish> fw ctl zdebug drop

fw ctl zdebug is a power tool whose use is not limited to "fw ctl zdebug drop". There is not much to be found in the Check Point KB or in the documentation. "fw ctl zdebug" is an R&D tool for testing software in development. Therefore, it should be used with care. It starts a debug in the background that runs until it is aborted with CTRL+C. On production systems it can have a high performance impact. Furthermore, the debug buffer is not the largest.

Read more here:

"fw ctl zdebug" Helpful Command Combinations


3 Replies
Admin

Re: fw monitor - see drop packets

At a high level you could achieve similar functionality with an extended command pointing to a shell script.
The shell script would take the desired IP as input and run the necessary command with the argument.
You then configure an extended command to point to this script.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
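
A sketch of the kind of wrapper script described in the reply above, added here as an example and not taken from the post or from Check Point. The names `dropwatch`, `is_ipv4`, `filter_drops` and `watch_drops` are hypothetical, and the script assumes `fw` is on PATH when the extended command runs. Because the script runs on behalf of a user without expert access, it validates the argument strictly before using it.

```shell
#!/bin/sh
# Added example (hypothetical names): wrapper for a Gaia extended command that
# shows live drops for one IPv4 address without needing expert-mode grep.

# Accept only a dotted-quad IPv4 address; anything else (spaces, ';', '|',
# wildcard or regex characters) is rejected before it reaches a command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Keep only lines that contain the address as a whole token:
# -F treats the dots literally, -w stops 10.1.1.1 from matching 10.1.1.10.
filter_drops() {
    grep -wF -- "$1"
}

# Validate, then stream the drop debug through the filter until CTRL+C.
# Assumption: "fw" is on PATH in the extended command's environment.
watch_drops() {
    if ! is_ipv4 "$1"; then
        echo "usage: dropwatch <IPv4 address>" >&2
        return 2
    fi
    fw ctl zdebug drop | filter_drops "$1"
}

# Run only when an argument is supplied, so the functions can also be sourced.
[ "$#" -eq 0 ] || watch_drops "$1"
```

Registering the script as an extended command follows the article linked in the reply; the performance caveats about `fw ctl zdebug` mentioned in the accepted solution apply to this wrapper as well.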

Re: fw monitor - see drop packets

Hi Phoneboy,

Let me check your info and I'll tell you what I can get.