This one-liner will do the work for you.
Use this one-liner to start a kernel debug easily, without entering all the debug commands by hand.
echo 'clear; echo -n "Input debug filter: "; read dbfilter; function ctrl_c { fw ctl debug 0; rm /tmp/vd; exit 0;}; trap ctrl_c INT; fw ctl debug -buf 20480; fw ctl debug $dbfilter;echo -e "\e[7m"; echo " Stop VPN debug with CTRL-C "; echo -e "\e[0m"; fw ctl kdebug -f -T | tee /var/log/edebug.log; sleep 100000000;' > /tmp/vd; chmod 770 /tmp/vd; /tmp/vd
What happens when you execute it? It is a small script that runs the following commands:
fw ctl debug -buf 8192
fw ctl debug [entered debug filter]
fw ctl kdebug -f
[Wait until CTRL+C is pressed]
fw ctl debug 0
First you will be asked for the debug filter. Here you can enter the kernel debug flags (see picture below).
The example is comparable to "fw ctl zdebug drop", but with the advantage that the debug buffer is 8196K large. All debug flags described in these PDFs (Kernel Debug Flags R80.10, Kernel Debug Flags R77, R80.40 Kernel Debug Syntax) can be used here.
Once the firewall issue has occurred, you only need to stop the one-liner with CTRL-C; the debug is stopped and all debug filters are cleared.
Furthermore, the output of the debug is stored in the file /var/log/edebug.log for further analysis.
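For the further analysis of /var/log/edebug.log, a drop debug can be summarized by drop reason and by source/destination pair. This is an added example, not part of the original post: the function names (sample_log, drop_reasons, drop_pairs) and the sample lines are constructed, and the assumed line layout ("... dropped by ... Reason: ...;") may need adjusting for your version.

```shell
#!/bin/bash
# Added example (not from the original post): summarize firewall drops
# recorded in /var/log/edebug.log. The line layout is an assumption based on
# the constructed samples below; adjust the patterns for your version.

# Constructed sample lines, used when no log file is given.
sample_log() {
cat <<'EOF'
@;1001;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:51514 -> 192.0.2.20:443 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
@;1002;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:51515 -> 192.0.2.20:443 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
@;1003;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 10.1.1.11:40000 -> 192.0.2.53:53 dropped by fw_handle_first_packet Reason: Address spoofing;
@;1004;[cpu_2];[fw4_1];fwconn_key_init_links: some unrelated debug message;
EOF
}

# Reads debug output on stdin, prints "count<TAB>reason", most frequent first.
drop_reasons() {
    awk '/dropped by/ && /Reason:/ {
            r = $0
            sub(/.*Reason: */, "", r)      # keep the text after "Reason:"
            sub(/;[ \t\r]*$/, "", r)       # strip the trailing ";"
            n[r]++
         }
         END { for (r in n) printf "%d\t%s\n", n[r], r }' | sort -k1,1nr -k2
}

# Reads debug output on stdin, prints "count<TAB>src -> dst" (IPv4, ports removed).
drop_pairs() {
    awk '/dropped by/ {
            for (i = 2; i < NF; i++) if ($i == "->") {
                s = $(i-1); d = $(i+1)
                sub(/:[0-9]+$/, "", s); sub(/:[0-9]+$/, "", d)
                n[s " -> " d]++
                break
            }
         }
         END { for (p in n) printf "%d\t%s\n", n[p], p }' | sort -k1,1nr -k2
}

# Usage: ./dropsum.sh /var/log/edebug.log   (no argument: constructed samples)
LOG="${1:-}"
read_log() { if [ -n "$LOG" ]; then cat -- "$LOG"; else sample_log; fi; }
echo "== Drop reasons ==";        read_log | drop_reasons
echo "== Dropped src -> dst =="; read_log | drop_pairs
```

Lines that do not contain "dropped by" are ignored, so the script can also be run on a log captured with additional debug flags.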
Attention:
If you turn on debugging, this will affect the performance of the firewall.
These are the basic kernel FW debug parameters:
Debugging Modules
Common traffic flags in fw module
Common IPS flags in fw module