Difference between revisions of "Troubleshooting Tips"
From Tech-Wiki
(Created page with "Category:Check Point '''Back to Gaia''' If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in t...") |
|||
| (13 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order: | If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order: | ||
| + | # Policy | ||
| + | # NAT (correct NAT mode? Does it require manual proxy arp?) | ||
| + | # Routing | ||
| + | # Anti-spoofing (even from return packet, check logs in opposite direction) | ||
| + | # VPN Encryption domain (for your and remote peer) | ||
| + | # IPS (Use command: ips off) | ||
| + | # Connection Limit (fw ctl pstat) | ||
| + | # Disable SecureXL (Use command: fwaccel off) | ||
| + | # Test in the other cluster member (Use command: clusterXL_admin down –p) | ||
| + | # Issue a cpstop/cpstart or reboot | ||
| + | # Consider installing the latest Jumbo hotfix accumulator or Recommended Hotfixes (per sk106162 and sk106389) | ||
| + | # Did I forget something?! | ||
| + | # That’s probably a bug, raise a TAC | ||
| − | + | Confirm the reason of your packet being dropped using: | |
| − | + | fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y' | |
| − | + | ||
| − | + | If log is stuck with existing old sessions (no new logs, or still showing traffic from previous policies), clear connection's table: | |
| − | + | fw tab -t connections -x | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
Latest revision as of 14:56, 22 March 2019
If you are facing strange behavior, in an advanced/illogic scenario, evaluate/review the following items in this order:
- Policy
- NAT (correct NAT mode? Does it require manual proxy arp?)
- Routing
- Anti-spoofing (even from return packet, check logs in opposite direction)
- VPN Encryption domain (for your and remote peer)
- IPS (Use command: ips off)
- Connection Limit (fw ctl pstat)
- Disable SecureXL (Use command: fwaccel off)
- Test in the other cluster member (Use command: clusterXL_admin down –p)
- Issue a cpstop/cpstart or reboot
- Consider installing the latest Jumbo hotfix accumulator or Recommended Hotfixes (per sk106162 and sk106389)
- Did I forget something?!
- That’s probably a bug, raise a TAC
Confirm the reason of your packet being dropped using:
fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y'
If log is stuck with existing old sessions (no new logs, or still showing traffic from previous policies), clear connection's table:
fw tab -t connections -x