cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

HTTPS Inspection logs location

Hello colleagues,

There is a problem on R77.30 with HTTPS inspection, the gw is blocking everything.

The reason is: internal system occured, blocking request. See SK64162 for more information.

Unfortunately, nothing helped in this SK, so I collected a CPinfo to analyze it.

Where can I find any internal files, log files that are related to the issue?

I don't mean debugs, that's understandable. I'd like to figure out why the CP started to block it once.

 

Thank you for your time!

5 Replies
Highlighted

Re: HTTPS Inspection logs location

This error is usually connected to a blade, e.g. SmartLog search using

blade:"URL Filtering" AND "internal error"

or

blade:"Application Control" AND "internal error"

Also, Content Awareness or userspace RAD could be involved.

 

Re: HTTPS Inspection logs location

Thank you a lot!
But what about internal error records on the gateway, is there any file, which might be helpful to determine the problem?
0 Kudos

Re: HTTPS Inspection logs location

For HTTPS Inspection there are gateway components in both process space and kernel space.  The initial HTTPS negotiation between the firewall and Internet web server(s) starts in process space (wstlsd/pkxld) and that is usually where issues are encountered.  Check out this log file:  $FWDIR/log/wstlsd.elg; probably also worth looking in $FWDIR/log/fwd.elg and /var/log/messages* to see if anything interesting is getting written into these files.  If you see any messages in wstlsd.elg that indicate a problem and need more debugging info go here: sk105559: How to debug the WSTLSD daemon.

On 64-bit Gaia there is also a companion process to wstlsd called pkxld that leverages the 64-bit mode of the processor along with other hardware-based acceleration capabilities for key calculations and such.  I don't think there is a log file for this daemon, but if you think the problem is located here this daemon can be disabled to force all key calculations to occur back in wstlsd (just like they would be in 32-bit Gaia) by doing a touch $FWDIR/conf/pkxl_disable and rebooting.

For HTTPS kernel debugs the main module and option/flag for use with fw ctl debug is fw and cptls respectively.  For instructions about how to run a kernel debug in R77.30 see here: Kernel Debug flags - R77.30

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: HTTPS Inspection logs location

Thank you very much Timothy! That's what I've been looking for.
0 Kudos

Re: HTTPS Inspection logs location

An internal error due to categorization service timeout would need a RAD debug:

# rad_admin rad debug on all

******************Replicate***************

# rad_admin rad debug off

Collect: $FWDIR/log/rad.elg*