Yey! Another excellent video. It's my request to make a detailed video on "fw ctl chain " output .
Thank you, do you really find fw ctl chain useful? I mean, if you need to do that advanced troubleshooting, normally you do that together with TAC.
My personal view of issues and troubleshooting is, if it takes more than 1h to resolve it, involve TAC because then it's a bug :)
I mean the only reason why I ever do tcpdumps or similar commands is to prove a point that the traffic is passing the firewall to someone else (like a server guy).
Commands such as checking connections with fw ctl conntab, drops etc., those I understand, but I see very little value in actually checking the ctl chain.
I do believe it's part of the CCSE certificate to understand iIoO and such. I haven't checked the CCSM, what's included there.
But way, way above CCSA at least :D
When do you normally use this command?
The "fw ctl chain" command output looks very weird to me. So I have tried to understand this by referring to some YouTube video, but was not successful. So I am curious to know.
I think Heiko in the CheckMates forum has described it some, but honestly I never use it.
And as we manage 300+ Check Point firewalls, I think the audience of people actually checking those things is very small.
For me it's too complicated a topic to make a video on that people actually would watch, so it's not worth the time it would take, sorry.
sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_CLI_ReferenceGuide/Content/Topics-CLIG/FWG/fw-ctl-chain.htm?tocpath=Security%20Gateway%20Commands%7Cfw%7Cfw%20ctl%7C_____4
Here is an SK for the kernel debug where it's included.
But as mentioned before, if you need this command you are already troubleshooting with TAC :)
supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98799
I think fw chain is a little over CCSA level. But you have a good point.
My understanding of it,
as a quick reference: fw ctl chain lists all the "steps/functions" that you have activated on your box.
When you use fw monitor you are able to add -p all to see where a packet is dropped/accepted within this flow.
Meaning if you have SecureXL active, with -p all you will be able to see if it's actually passing the SecureXL within the gateway.
If you see that it's dropped within this, you can then do fwaccel off to see if this resolves the issue (if it does, you have a bug, as SecureXL is used to accelerate the traffic).
Thanks Magnus for creating such a good video. I am a little bit skipped from others, but for sure I will restart to come on track soon.
Thank you! This specific video isn't really part of CCSA / CCSE, but it's something that is very useful in real-world scenarios.
We put in more and more security, so logs are something that increases every year, and it's good to know that there are options :)
Thanks Magnus for this excellent video.
Thanks Magnus, very good explanation
Thank you for your job
Thank you!
Thank you for a great video Magnus. This video is based on VMware ESX and I wonder if the same procedure needs to be taken in GAIA when the platform is MS Hyper-V Manager.
Should be the same yes :)
Awesome
Thanks m8 :)
I promise to fix the MDS and VSX videos soon :)
Really good walkthrough.
Thanks :)
Hello Magnus.
Now the SK suggests going into Maintenance mode:
"You will need to reboot the server, so that Gaia will recognize the new disk. Enter Maintenance Mode from grub (if grub countdown does not show up, refer to sk164893)."
Do you know if this step is really needed?
Hi, personally I don't go into any maintenance mode.
Hi Magnus, unfortunately our colleague has extended a disk instead of adding a new one. Is there an SK for this case? We are stuck. Thank you.
I would say revert snapshot / backup and remake it. That's probably faster and easier.
What kind of hardware do you use in your lab?
Hi Rikard,
It's listed in the description; more or less, I use VMware Workstation on my normal desktop.
With new CPUs and a lot of RAM it's no issue to run pretty cool labs :)
sk94671 has an upgrade - step #8