- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Can
fw ctl zdebug drop be ran from VS0 or does it have to be run in a certain policy such as vs1, vs2, etc. in VSX for it to work?
Pretty sure you'll need to specify the -vs flag for that to work properly, as each VS has separate fwk kernel processes. I don't think running it in VS 0 without the -vs option will catch drops in the other VSs, although this SK would seem to suggest otherwise: sk167412: Using 'fw ctl zdebug' or FW Monitor on VSX Fails Because of Memory or Buffer Issues
Pretty sure you'll need to specify the -vs flag for that to work properly, as each VS has separate fwk kernel processes. I don't think running it in VS 0 without the -vs option will catch drops in the other VSs, although this SK would seem to suggest otherwise: sk167412: Using 'fw ctl zdebug' or FW Monitor on VSX Fails Because of Memory or Buffer Issues
Thanks.
In versions backed by VRFs (R80.30 and earlier; kernel 2.6.18), it can be run from any VS, and it shows drops from all VSs at the same time. Each drop is prefixed to indicate which VS it comes from. For example, "[vs_27]" for a drop in context 27. I believe it can be run as 'fw -vs <vsid> ctl zdebug drop' to run in one VS, but I've never had to try that.
I haven't worked much with VSX backed by network namespaces (R80.40 and up; kernel 3.10) yet, so I don't know if it's different there.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY