This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nick_Doropoulos
Advisor
‎2019-03-26 03:19 AM

vpn debug off TDERROR_ALL_ALL=0

I recently noticed that when trying to turn off vpn debug off TDERROR_ALL_ALL=0 it doesn't really work (see screenshot attached).

 

The gateway is R80.10 and sks such as sk84561 definitely recommend the tried syntax. 

 

Has anybody seen this before?

 

Thanks.

 

 

Preview file
14 KB
0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-03-26 03:33 AM

sk63560 - How to run complete VPN debug on Security Gateway to troubleshoot VPN issues? gives:

Enable VPND and IKE debug:

[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5

---

Stop VPND and IKE debug:

[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Nick_Doropoulos
Advisor
‎2019-03-26 03:41 AM
In response to G_W_Albrecht

So would I be right to assume that vpn debug off TDERROR_ALL_ALL=0 is "discontinued" and that vpn debug off is to be used? sk89940 also refers to vpn debug off TDERROR_ALL_ALL=0 so unless my syntax is wrong or I'm missing a hotfix the documentation should be updated?

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-03-26 04:31 AM

Anytime you invoke a debug command like this with TDERROR_ALL_ALL=5, you should always include TDERROR_ALL_ALL=0 when you turn it back off.  Failure to do so seems to still leave some extra debugging enabled, have noticed this effect with fwm in particular.

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Nick_Doropoulos
Advisor
‎2019-03-26 04:34 AM
In response to Timothy_Hall

That's what I thought but it obviously didn't work for me so I was wondering whether I was doing something wrong or whether the said way of turning vpn debugging off is discontinued.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-03-26 04:40 AM
In response to Nick_Doropoulos

In your original post you said you were using "vpn debug off TDERROR_ALL_ALL=5" which is incorrect.  The SK you reference uses "vpn debug off TDERROR_ALL_ALL=0" which is correct.  Even after running this latter command, there will still be some slight debugging dumped into $FWDIR/log/vpnd.elg by default, even if debug has been properly disabled.

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Nick_Doropoulos
Advisor
‎2019-03-26 04:43 AM
In response to Timothy_Hall

I think I mistyped the original question which I will rectify now but if you look at the screenshot attached you can see what I mean.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events