This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Leandro_K
Explorer
‎2022-08-31 11:56 PM

zdebug command

Hi,

I was running the following debug command "fw ctl zdebug + all | grep <ip address>", the command ran for +- 1 minute while I was testing connectivity. I received the following message  "fwkdebug: buffer full. messages lost." Where after the gateway dropped all connections and no traffic could pass via the gateway. I could still access the gateway via SSH and Gaia but no networks behind the gateway was able to operate. I had to reboot the gateway to restore operations.

Is there a better way for using the zdebug command and is it recommended for use in a Production environment?

The gateway is a 7000 appliance

Thanks

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-09-01 01:06 AM

See both of this discussions:         Tcpdump + Zdebug                and https://community.checkpoint.com/t5/General-Topics/fw-ctl-zdebug-this-is-wrong/m-p/9690?search-actio...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2022-09-01 01:32 AM

Hi

Try running the fw ctl debug command instead.

Look at sk98799 or sk171943 for advanced fw ctl debug features (for example larger buffer)

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-09-01 09:05 AM

fw ctl zdebug is a "macro" of various fw ctl debug commands that is not applicable in all situations.
It will also generate a lot of debug in a large production environment.

It is far better to do much more targeted debug commands depending on the precise nature of the issue you're trying to track down.
The SKs that @Tal_Paz-Fridman pointed you at will help you craft those commands.
In general, it is advisable to execute the various debug commands during maintenance windows when possible.

0 Kudos
Dario_Perez
Employee Employee
Employee
‎2022-09-01 01:43 PM

you are runing debug with all flag enable, keep in mind that is really heavy. 

you need to run specific flag. but even with some flag debug can be really heavy. 

I suggest create a Ticket and leave TAC leading this 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events