This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
C_M
Contributor
‎2021-06-10 02:59 PM
Jump to solution

fw ctl zdebug drop in VSX

Can 

 fw ctl zdebug drop be ran from VS0 or does it have to be run in a certain policy such as vs1, vs2, etc. in VSX for it to work?

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2021-06-10 03:23 PM
Jump to solution

Pretty sure you'll need to specify the -vs flag for that to work properly, as each VS has separate fwk kernel processes.  I don't think running it in VS 0 without the -vs option will catch drops in the other VSs, although this SK would seem to suggest otherwise: sk167412: Using 'fw ctl zdebug' or FW Monitor on VSX Fails Because of Memory or Buffer Issues

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com

View solution in original post

0 Kudos
3 Replies
Timothy_Hall
Champion
Champion
‎2021-06-10 03:23 PM
Jump to solution

Pretty sure you'll need to specify the -vs flag for that to work properly, as each VS has separate fwk kernel processes.  I don't think running it in VS 0 without the -vs option will catch drops in the other VSs, although this SK would seem to suggest otherwise: sk167412: Using 'fw ctl zdebug' or FW Monitor on VSX Fails Because of Memory or Buffer Issues

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
0 Kudos
C_M
Contributor
‎2021-06-10 03:31 PM
In response to Timothy_Hall
Jump to solution

Thanks.

0 Kudos
Bob_Zimmerman
Mentor
Mentor
‎2021-06-10 03:34 PM
Jump to solution

In versions backed by VRFs (R80.30 and earlier; kernel 2.6.18), it can be run from any VS, and it shows drops from all VSs at the same time. Each drop is prefixed to indicate which VS it comes from. For example, "[vs_27]" for a drop in context 27. I believe it can be run as 'fw -vs <vsid> ctl zdebug drop' to run in one VS, but I've never had to try that.

I haven't worked much with VSX backed by network namespaces (R80.40 and up; kernel 3.10) yet, so I don't know if it's different there.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events