Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sorinstf
Contributor
Jump to solution

identity awareness debugging commands fail on R81.20

Hello, 

I need to collect logs from gateways running on R81.20 as we encounter a  problem after upgrading to R81.20. (gateway is authenticating the user, but it only pulls "All users" group, not all  the groups the users is part of. FW security policies based on Access roles fail. Anyone else ? 

I had a meeting earlier today with a TAC engineer, he was able to gather the debug logs from one  gateway. He's off shift, so I have to collect debug & logs from another gateway.  When I run the same commands on another gateway (R81.20  JHA T38 // 3800 series), I get the following: 

[Expert@pcpfw04:0]# pdpd debug on
fwasync_create_socket_bindopt: failed to bind to a reserved port: Address already in use

[Expert@pcpfw04:0]# pdpd debug status
fwasync_create_socket_bindopt: failed to bind to a reserved port: Address already in use

[Expert@pcpfw04:0]# pepd debug on
Unable to open '/vs0/dev/fw6v0': Connection refused

Any idea what I'm doing wrong?

Full debug list for IA  - just to have it at hand

updated commands as per official guide pdp debug (checkpoint.com)

 

 

 

#Enable debugs:
#=================
pdp debug on
pdp debug set all all

pep debug on
pep debug set all all

echo "======DEBUG_START======" >> $FWDIR/log/fwd.elg
fw debug fwd on TDERROR_DBG_OPT=time,host,prog,topic,pid,tid
fw debug fwd on TDERROR_ALL_ALL=5
fw debug fwd on OPSEC_DEBUG_LEVEL=3

NOW CONNECT IA AGENT

#Disable debugs:
#==================
fw debug fwd off TDERROR_ALL_ALL=0
fw debug fwd off OPSEC_DEBUG_LEVEL=0

echo "=======DEBUG_STOP======" >> $FWDIR/log/fwd.elg
pdp debug off

pep debug off
pep debug reset

++ tcpdump -nei  to save pcap with connections between the gateway and LDAP. 

 

 

 

 

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
Lesley
Leader Leader
Leader

Try without the extra 'd'

pdp debug on

pdp debug status

pep debug on

-------
If you like this post please give a thumbs up(kudo)! 🙂

View solution in original post

2 Replies
Lesley
Leader Leader
Leader

Try without the extra 'd'

pdp debug on

pdp debug status

pep debug on

-------
If you like this post please give a thumbs up(kudo)! 🙂
sorinstf
Contributor

Right! as per the manual ... pdp debug (checkpoint.com)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events