CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Harmony Mobile 4:
New Version, New Capabilities
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix! 
All Videos In One Space
HeikoAnkenbrand
I often observe that debugging on firewalls is not disabled after a debug session. From a performance point of view, this is usually a problem. Therefore some tips how to disable the debug if necessary and what should be enabled again after the debug.
| Disable kernel debug. |
-> fw ctl debug 0
| Disable debug for the most important user space processes. |
CPM -> ./cpm_debug.sh -t crud -s INFO
./cpm_debug.sh -r
FWM -> fw debug fwm off
FWD -> fw debug fwd off
CPD -> unset TMOUT
cpd_admin debug on TDERROR_ALL_ALL=5
tail –f $CPDIR/log/cpd.elg>&cpd_debug.txt
cpd_admin debug off
kill%
CPCA -> fw debug cpca off
VPN -> vpn debug off
vpn debug ikeoff
RAD -> rad_admin rad debug off
DLPU -> fw_debug dlpu off
cp_file -> fw_debug cp_file_convertd off TDERROR_ALL_ALL=0
WSTLSD (https)-> for PROC in $(pidof wstlsd); do fw debug $PROC off TDERROR-_ALL_ALL=0; done
For all other user space processes, see the following article: sk97638
| Show all TDERROR settings. |
-> env | grep TDERROR | awk -F= '{print $1}'
| Enable SecureXL after debug. |
-> fwaccel on
| Enable VPN SecureXL after debug. |
> vpn accel on (All VPN tunnels will be reset!)
| Disable SmartConsole debug. |
-> SCConfigManager.exe
LogLevel = Error
CommLogLevel = Off
👍
the_rock
Hi Heiko,
Maybe somewhat stupid question, but I thought that fw ctl debug 0 and fw ctl debug -x would disable ALL debugs on the firewall or thats not the case?
_Val_
"-x" option does not reset all flags, it removes all flags at all. use "0" only, as defaukt flags are required for the normal operation of your environment.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY