This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
juanmoreno
Explorer
‎2020-02-04 04:30 AM

fw monitor - see drop packets

Dear all,

 

In our old enviroment, i had right to run expert mode and when i needed to check dropped packets from a single ip i used to run "fw ctl zdebug drop | grep x.x.x.x"

 

Now we have a new enviroment on multidomain and i have no expert access to my gw. My problem is that when i run a fwmonitor i can´t  grep cause that is for expert mode.

 

I´have look a lot of official information about fw monitor and i´m sure that is not possible to do.

My question is:

Is any way to see in real-time the dropped packets running cli? ( no expert mode)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-02-06 09:17 PM

At a high level you could achieve similar functionality with an extended command pointing to a shell script.
The shell script would take the desired IP as input and run the necessary command with the argument.
You then configure an extended command to point to this script.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
juanmoreno
Explorer
‎2020-02-10 02:13 AM
In response to PhoneBoy

Hi Phoneboy,

Let me check your info and i tell you what i can get.

 

 

0 Kudos
juanmoreno
Explorer
‎2020-05-08 08:54 AM
In response to PhoneBoy

Hi Phoneboy,

This solution is not for me required.

 

i want to see dropped packets filtering one ip in clish.

 

Best regards.

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2020-02-10 05:27 AM

Hi @juanmoreno,

With R80.30 you can alternatively use the following command in clish:-)

clish> fw ctl zdebug monitor all

or

clish> fw ctl zdebug drop

fw ctl zdebug is a powertool that is not exhausted from being used with "fw ctl zdebug drop". There is not much to be found in Check Point KB or in the documentation. "fw ctl zdebug" is an R&D tool for testing software in development. Therefore, the insert should be used with care. It starts a debugging in the background until it is aborted with CTRL+C. On productive systems it can have a high performance impact. Furthermore, the debug buffer is not the largest.

More read here:

"fw ctl zdebug" Helpful Command Combinations

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
juanmoreno
Explorer
‎2020-05-08 08:48 AM
In response to HeikoAnkenbrand

Hi,

but with this option im not able to filter by one ip, source or destination.

 

Do you know what i mean?

Best regards

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top