Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion
Champion

R8x - Performance Tuning Tip - Disable all Debug Settings

I often observe that debugging on firewalls is not disabled after a debug session. From a performance point of view, this is usually a problem. Therefore some tips  how to disable the debug if necessary and what should be enabled again after the debug.

Disable kernel debug.

                           -> fw ctl debug 0

Disable debug for the most important user space processes.

CPM                   -> ./cpm_debug.sh -t crud -s INFO
                                ./cpm_debug.sh -r
FWM                   -> fw debug fwm off
FWD                   -> fw debug fwd off
CPD                    -> unset TMOUT
                                 cpd_admin debug on TDERROR_ALL_ALL=5
                                 tail –f $CPDIR/log/cpd.elg>&cpd_debug.txt
                                 cpd_admin debug off
                                 kill%
CPCA                   -> fw debug cpca off

VPN                     -> vpn debug off
                                 vpn debug ikeoff

RAD                     -> rad_admin rad debug off

DLPU                   -> fw_debug dlpu off

cp_file                 -> fw_debug cp_file_convertd off TDERROR_ALL_ALL=0

WSTLSD  (https)-> for PROC in $(pidof wstlsd); do fw debug $PROC off TDERROR-_ALL_ALL=0; done

For all other user space processes, see the following article: sk97638

Show all TDERROR settings.

                           -> env | grep TDERROR | awk -F= '{print $1}'

Enable SecureXL after debug.

                            -> fwaccel on

Enable VPN SecureXL after debug.

                             > vpn accel on      (All VPN tunnels will be reset!)

Disable SmartConsole debug.

                            -> SCConfigManager.exe 
                                 LogLevel = Error
                                 CommLogLevel = Off

(3)
3 Replies
Reinhard_G
Participant

👍

0 Kudos
the_rock
Champion
Champion

Hi Heiko,

 

Maybe somewhat stupid question, but I thought that fw ctl debug 0 and fw ctl debug -x would disable ALL debugs on the firewall or thats not the case?

0 Kudos
_Val_
Admin
Admin

"-x" option does not reset all flags, it removes all flags at all. use "0" only, as defaukt flags are required for the normal operation of your environment.

0 Kudos