sk63560 - How to run complete VPN debug on Security Gateway to troubleshoot VPN issues? gives:
Enable VPND and IKE debug:
[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5
---
Stop VPND and IKE debug:
[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff
So would I be right to assume that vpn debug off TDERROR_ALL_ALL=0 is "discontinued" and that vpn debug off is to be used? sk89940 also refers to vpn debug off TDERROR_ALL_ALL=0, so unless my syntax is wrong or I'm missing a hotfix, the documentation should be updated?
Anytime you invoke a debug command like this with TDERROR_ALL_ALL=5, you should always include TDERROR_ALL_ALL=0 when you turn it back off. Failure to do so seems to still leave some extra debugging enabled; I have noticed this effect with fwm in particular.
That's what I thought, but it obviously didn't work for me, so I was wondering whether I was doing something wrong or whether the said way of turning vpn debugging off is discontinued.
In your original post you said you were using "vpn debug off TDERROR_ALL_ALL=5" which is incorrect. The SK you reference uses "vpn debug off TDERROR_ALL_ALL=0" which is correct. Even after running this latter command, there will still be some slight debugging dumped into $FWDIR/log/vpnd.elg by default, even if debug has been properly disabled.
I think I mistyped the original question, which I will rectify now, but if you look at the screenshot attached you can see what I mean.