Monday, March 5, 2018

Check Point Firewall: ZDEBUG

In doing some troubleshooting Sunday night, I think the best way to look for dropped packets, when you know the IPs involved, is to just go directly to zdebug in the CLI.
I was helping a SAN guy troubleshoot an issue with SAN to SAN replication, which was failing on him. In getting into the Check Points, I didn't even bother going to the SmartView Tracker. I just SSH'ed into the active Check Point (in an HA pair) and did the zdebug, and found what I needed. It is just easier for me, I guess.
I was getting this message below:
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.X.X.X:11105 -> 10.X.X.X:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
Turns out the reason for this was stated here, based on initial research. I'll have to do more later on this.
I'll stick with the CLI. The tools are powerful and reliable. With zdebug, you see not only what could be dropped by the Check Point application itself, but also the OS. It's just a better tool than SmartView Tracker, in my opinion.
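
When the IPs are known, drop lines in the format quoted above can be filtered and tallied by flow and drop reason. The script below is an added example, not part of the original post: the function names zdebug_drops and sample_lines are hypothetical, the sample addresses and the "example_chain" line are constructed, and it assumes the lines come from fw ctl zdebug drop.

```sh
#!/bin/sh
# Added example (not from the original post): tally zdebug drop lines
# between known hosts, grouped by flow and drop reason.

# Constructed sample input. Line 1 mirrors the message quoted in the post
# with made-up addresses; "example_chain"/"Example reason" are placeholders.
sample_lines() {
    cat <<'EOF'
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.0.0.5:11105 -> 10.0.0.9:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.0.0.5:11106 -> 10.0.0.9:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 10.0.0.7:4000 -> 10.0.0.9:53 dropped by example_chain Reason: Example reason;
unrelated debug output that is not a drop line
EOF
}

# zdebug_drops IP [IP]: read drop lines on stdin, keep those where every
# given IP is the source or destination, print "count flow by= reason=".
zdebug_drops() {
    awk -v a="$1" -v b="$2" '
    # Split "ip:port" on the trailing ":port".
    function ip(s)   { sub(/:[0-9]+$/, "", s); return s }
    function port(s) { return (s ~ /:[0-9]+$/) ? substr(s, length(ip(s)) + 2) : "-" }
    /fw_log_drop/ && / dropped by / {
        # Locate the proto= token so a changed line prefix does not matter.
        p = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^proto=/) { p = i; break }
        if (!p || $(p + 2) != "->") next
        src = ip($(p + 1)); dst = ip($(p + 3)); dport = port($(p + 3))
        if (a != "" && src != a && dst != a) next
        if (b != "" && src != b && dst != b) next
        reason = "unknown"
        if ($0 ~ / Reason: /) {
            reason = $0
            sub(/^.* Reason: /, "", reason)
            sub(/;[ \t\r]*$/, "", reason)
        }
        # Source port is left out of the key: it changes on every retry.
        n[$p " " src " -> " dst ":" dport " by=" $(p + 6) " reason=" reason]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -rn
}

# Demo on the constructed lines; on a gateway the input would instead be
# piped in, e.g. fw ctl zdebug drop | zdebug_drops 10.0.0.5 10.0.0.9
sample_lines | zdebug_drops 10.0.0.5 10.0.0.9
```

With one IP argument the function shows every dropped flow to or from that host; with two it narrows to traffic between the pair in either direction.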
