Hi everyone,
I found an interesting part of documentation regarding the Integer Kernel Parameters and String Kernel Parameters.
It is possible with a command to show a list of all the parameters and string and the values that have been set.
This is stated in: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityGateway_Guide/Conten...
These are the steps for Integer parameters:
1
|
Connect to the command line on your
/ each
.
Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.
|
2
|
Log in to the Expert mode.
|
3
|
Make sure you can get the list of the available integer kernel parameters and their values without errors:
|
Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.
|
modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int
|
|
4
|
If in the previous step there were no errors, get the list of the available integer kernel parameters and their values, and save the list to a file:
modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int 1>> /var/log/fw_integer_kernel_parameters.txt 2>> /var/log/fw_integer_kernel_parameters.txt
|
|
5
|
Analyze the output file:
/var/log/fw_integer_kernel_parameters.txt
|
|
For string it is similar:
1
|
Connect to the command line on your Security Gateway / each Cluster Member.
Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.
|
2
|
Log in to the Expert mode.
|
3
|
Make sure you can get the list of the available integer kernel parameters and their values without errors:
|
Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.
|
modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str
|
|
4
|
If in the previous step there were no errors, get the list of the available string kernel parameters and their values, and save the list to a file:
modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str 1>> /var/log/fw_string_kernel_parameters.txt 2>> /var/log/fw_string_kernel_parameters.txt
|
|
5
|
Analyze the output file:
/var/log/fw_string_kernel_parameters.txt
|
|
I have tried step 3 on a few gateways but it get's stuck on different parameter and does not proceed with the rest.
Step 4 output file contains only an error.
Anyone has an idea how to generate the full list and skip the ones that give an error?
Expample:
(I cut out the above parameters)
bypass_on_enhanced_ssl_inspection = 0
bypass_reverse_dns_rad_request = 1
ccc_in_separate_daemon = 0
ccc_policy_timestamp = 0
Get operation failed: failed to get parameter ccl_correct_dr_between_chassis
get: Operation failed
xargs: fw: terminated by signal
Different gateway:
fwconn_tracker_monitor = 'default'
fwha_azure_default_mac = '12:34:56:78:9a:bc'
fwha_group_of_bonds_str = ''
Get operation failed: failed to get parameter fwha_mbs_amw_policy_time_formated_str
get: Operation failed
xargs: fw: terminated by signal 9
-------
If you like this post please give a thumbs up(kudo)! 🙂