This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion
Champion
‎2021-04-30 05:59 AM

R8x - Performance Tuning Tip - Disable all Debug Settings

I often observe that debugging on firewalls is not disabled after a debug session. From a performance point of view, this is usually a problem. Therefore some tips  how to disable the debug if necessary and what should be enabled again after the debug.

Disable kernel debug.

                           -> fw ctl debug 0

Disable debug for the most important user space processes.

CPM                   -> ./cpm_debug.sh -t crud -s INFO
                                ./cpm_debug.sh -r
FWM                   -> fw debug fwm off
FWD                   -> fw debug fwd off
CPD                    -> unset TMOUT
                                 cpd_admin debug on TDERROR_ALL_ALL=5
                                 tail –f $CPDIR/log/cpd.elg>&cpd_debug.txt
                                 cpd_admin debug off
                                 kill%
CPCA                   -> fw debug cpca off

VPN                     -> vpn debug off
                                 vpn debug ikeoff

RAD                     -> rad_admin rad debug off

DLPU                   -> fw_debug dlpu off

cp_file                 -> fw_debug cp_file_convertd off TDERROR_ALL_ALL=0

WSTLSD  (https)-> for PROC in $(pidof wstlsd); do fw debug $PROC off TDERROR-_ALL_ALL=0; done

For all other user space processes, see the following article: sk97638

Show all TDERROR settings.

                           -> env | grep TDERROR | awk -F= '{print $1}'

Enable SecureXL after debug.

                            -> fwaccel on

Enable VPN SecureXL after debug.

                             > vpn accel on      (All VPN tunnels will be reset!)

Disable SmartConsole debug.

                            -> SCConfigManager.exe 
                                 LogLevel = Error
                                 CommLogLevel = Off


➜ CCSM Elite, CCME, CCTE
(3)
3 Replies
Reinhard_G
Participant
‎2021-05-02 05:58 AM

👍

0 Kudos
the_rock
Legend
Legend
‎2021-05-02 07:09 AM

Hi Heiko,

 

Maybe somewhat stupid question, but I thought that fw ctl debug 0 and fw ctl debug -x would disable ALL debugs on the firewall or thats not the case?

0 Kudos
_Val_
Admin
Admin
‎2021-05-02 11:53 PM
In response to the_rock

"-x" option does not reset all flags, it removes all flags at all. use "0" only, as defaukt flags are required for the normal operation of your environment.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫