fw monitor - see drop packets

Dear all,

In our old environment, I had the right to run expert mode, and when I needed to check dropped packets from a single IP I used to run "fw ctl zdebug drop | grep x.x.x.x".

Now we have a new environment on multi-domain and I have no expert access to my gw. My problem is that when I run fw monitor I can't grep, because that is for expert mode.

I have looked at a lot of official information about fw monitor and I'm sure that it is not possible to do.

My question is:

Is there any way to see the dropped packets in real time from the CLI (no expert mode)?

Accepted Solutions

Hi @juanmoreno,

With R80.30 you can alternatively use the following command in clish :-)

clish> fw ctl zdebug monitor all

or

clish> fw ctl zdebug drop

fw ctl zdebug is a power tool that is not exhausted by being used with "fw ctl zdebug drop". There is not much to be found in the Check Point KB or in the documentation. "fw ctl zdebug" is an R&D tool for testing software in development. Therefore, the insert should be used with care. It starts debugging in the background until it is aborted with CTRL+C. On production systems it can have a high performance impact. Furthermore, the debug buffer is not the largest.

Read more here:

"fw ctl zdebug" Helpful Command Combinations

5 Replies

Admin
At a high level you could achieve similar functionality with an extended command pointing to a shell script.
The shell script would take the desired IP as input and run the necessary command with the argument.
You then configure an extended command to point to this script.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
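
One way to write the wrapper script this reply describes, as an added example that is not part of the original thread and not Check Point code. The names `is_ipv4` and `drops_for_ip` are assumptions; the address is validated strictly because the argument comes from a clish user who has no shell access of their own.

```shell
#!/bin/sh
# Added example: wrapper meant to be registered as a Gaia extended command.
# Function names are hypothetical; "fw ctl zdebug drop" is the command from the thread.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    # Allow digits and dots only, so no shell or grep metacharacter gets through.
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    # Split on dots inside a subshell so IFS and "$@" changes do not leak out.
    (
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] || exit 1
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Print only the drop-debug lines that mention the given address.
drops_for_ip() {
    if ! is_ipv4 "$1"; then
        echo "usage: drops_for_ip <IPv4 address>" >&2
        return 2
    fi
    # -F: treat the dots literally; -w: 10.1.1.1 must not match 10.1.1.10.
    # The debug keeps running until it is aborted with CTRL+C.
    fw ctl zdebug drop | grep -F -w -- "$1"
}

# Run only when called with an argument; otherwise just define the functions.
if [ "$#" -gt 0 ]; then
    drops_for_ip "$1"
fi
```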

Hi Phoneboy,

Let me check your info and I'll tell you what I can get.

Hi Phoneboy,

This solution is not what I require.

I want to see dropped packets, filtering on one IP, in clish.

Best regards.

Hi,

But with this option I'm not able to filter by one IP, source or destination.

Do you know what I mean?

Best regards