Troubleshooting dropped packets in Checkpoint using zdebug

Ever wished you had more insight into the traffic getting dropped by your Checkpoint Firewall?

Read on to learn about a very powerful tool that comes to your rescue, known as zdebug.

The fw ctl zdebug drop command lists all dropped packets in real time and explains the reason for each drop.

Use the expert-mode fw ctl zdebug drop CLI command to set all the debug flags and get the output on the command line.

The syntax for the command is:

[Expert@hostname]# fw ctl zdebug + <flags>

 

where <flags> could be any fw module flag.

 

For example, the most common usage is the drop command:

[Expert@hostname]# fw ctl zdebug + drop

 

If you want to see drops only for a single IP use the grep filter:

[Expert@hostname]# fw ctl zdebug + drop | grep X.X.X.X

 

Replace X.X.X.X with the IP you want to filter for.
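
A plain grep treats each dot in the address as "any character" and also matches substrings, so a filter for 10.1.1.1 passes lines for 10.1.1.10 or 110.1.1.1 as well. The following is an added example, not part of the original post: it filters on the whole address and tallies the drop reasons. The sample lines are constructed for illustration, and their layout (including the `Reason:` label and the function names) is an assumption about the output format.

```shell
#!/bin/sh
# Added example: exact-IP filtering of drop output plus a per-reason tally.
# The sample lines below are constructed; real output varies by version.

# Keep only lines that mention IP $1 as a complete address.
# -F: dots are literal; -w: the match may not sit inside a longer number.
drops_for_ip() {
    grep -Fw -- "$1"
}

# Count how often each reason appears (text after the assumed "Reason:" label).
drop_reasons() {
    sed -n 's/.*Reason: *\([^;]*\).*/\1/p' | sort | uniq -c | sort -rn
}

# Constructed sample of drop lines (not captured from a real gateway).
sample_drops() {
cat <<'EOF'
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.1:40112 -> 192.0.2.10:443 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:40113 -> 192.0.2.10:443 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 110.1.1.1:5000 -> 192.0.2.10:22 dropped by fw_send_log_drop Reason: Address spoofing;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=17 192.0.2.10:53 -> 10.1.1.1:33000 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.1:40114 -> 192.0.2.20:80 dropped by fw_first_packet_state_checks Reason: First packet isn't SYN;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 10.121.1.1:40115 -> 192.0.2.20:80 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 172.16.5.5:2200 -> 192.0.2.10:443 dropped by fw_send_log_drop Reason: Rulebase drop - rule 7;
EOF
}

# Demo: a plain regex grep over-matches, the exact filter does not.
echo "plain grep matches: $(sample_drops | grep -c 10.1.1.1)"
echo "exact matches:      $(sample_drops | drops_for_ip 10.1.1.1 | grep -c '')"
echo "reasons for 10.1.1.1:"
sample_drops | drops_for_ip 10.1.1.1 | drop_reasons
```

On the gateway, the same filter applies to the live output as `fw ctl zdebug + drop | grep -Fw -- X.X.X.X`.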

 

If you still cannot see the traffic, then most likely the traffic is not even hitting the firewall. To verify, you can use the tcpdump utility to capture packets:

Open a new session and:

[Expert@hostname]# tcpdump -nni any host x.x.x.x -s0 -w /var/log/tcpdump1.pcap

 

Note: The zdebug starts a debug in the background until

...