Appliance: 23800
Version R80.10 Jumbo Hotfix 56
Recently learned the hard way that running tcpdump causes the system to reboot; it has happened multiple times. At first we thought it was because we ran it without a filter, so it overwhelmed the box; however, even with a filter, after about a minute the box fails over.
Wondering if anyone has run into this?
P.S. Yes, I've opened a case; I'm just reaching out to the general public to see if anyone has experienced anything similar. This is impacting a very large deployment.
--Juan
Did you try tcpdump in the root context or in the desired one?
Did you try fw monitor?
fw monitor works without issue. With tcpdump it doesn't matter what context you run it from; after a minute or so the box reboots, with no message or any indication that it's rebooting, and your session just hangs.
--Juan
OK; weird.
I do not have the answer, but I can surely recommend that you use fw monitor instead of tcpdump.
Note (if needed) that you can also export fw monitor trace files into Wireshark (refer to "How to configure Wireshark for analysis of FW Monitor captures").
Also, if needed, check "What is FW Monitor?"
tcpdump is useful in some scenarios as it captures traffic before the firewall kernel.
Thanks,
Juan Concepcion