HeikoAnkenbrand
Champion

R8x - Performance Tuning Tip - Disable all Debug Settings

I often observe that debugging on firewalls is not disabled after a debug session. From a performance point of view, this is usually a problem. Therefore, here are some tips on how to disable the debug if necessary and what should be enabled again after the debug.

Disable kernel debug.

                           -> fw ctl debug 0

Disable debug for the most important user space processes.

CPM                   -> ./cpm_debug.sh -t crud -s INFO
                                ./cpm_debug.sh -r
FWM                   -> fw debug fwm off
FWD                   -> fw debug fwd off
CPD                    -> unset TMOUT
                                 cpd_admin debug on TDERROR_ALL_ALL=5
                                 tail -f $CPDIR/log/cpd.elg >& cpd_debug.txt
                                 cpd_admin debug off
                                 kill %
CPCA                   -> fw debug cpca off

VPN                     -> vpn debug off
                                 vpn debug ikeoff

RAD                     -> rad_admin rad debug off

DLPU                   -> fw_debug dlpu off

cp_file                 -> fw_debug cp_file_convertd off TDERROR_ALL_ALL=0

WSTLSD  (https)-> for PROC in $(pidof wstlsd); do fw debug $PROC off TDERROR_ALL_ALL=0; done

For all other user space processes, see the following article: sk97638

Show all TDERROR settings.

                           -> env | grep TDERROR | awk -F= '{print $1}'

Enable SecureXL after debug.

                            -> fwaccel on

Enable VPN SecureXL after debug.

                            -> vpn accel on      (All VPN tunnels will be reset!)

Disable SmartConsole debug.

                            -> SCConfigManager.exe 
                                 LogLevel = Error
                                 CommLogLevel = Off

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
3 Replies
Reinhard_G
Participant

👍

the_rock
Legend

Hi Heiko,

 

Maybe a somewhat stupid question, but I thought that fw ctl debug 0 and fw ctl debug -x would disable ALL debugs on the firewall, or that's not the case?

_Val_
Admin

The "-x" option does not reset all flags, it removes all flags entirely. Use "0" only, as default flags are required for the normal operation of your environment.
