Hello Dmitry,
first of all, the "CPLogFilePrint $FWDIR/log/fw.log" worked fine, thank you.
Now, regarding the point 3: kernel: [fw4_1];FW-1: Starting CUL mode because CPU usage (81%) on the local member increased above the configured threshold (80%).
The entry appears when there is an high CPU usage (one of three fw_worker_<nn> process consumes about 70%, 80%, 85% and 90% percentage).
Casually I reproduced the issue: I was downloading a Windows 10 iso file from my client PC, then I noticed a 57% CPU usage (see screenshot below).
We have HTTPs Inspection and Application & URL Filtering enabled; Application & URL Filtering is enabled for ALL; however HTTPs Inspection is in ByPass for ALL, with the exception of my client computer where it was set to Inspect (because I'm testing HTTPs inspection before applying it to all users).
How is possible a simple file download from one client will use a lot of that CPU ? Do you think it is due to limited CPU license we are just using in our Check Point ?
Regarding the other points, I'll give you more information asap.
Thank you,
Luca