Troubleshooting guide
Chapter 2 Troubleshooting Security Servers and Content Security
What commands are supported by the VPN-1/FireWall-1 SMTP Security Server?
Advanced Technical Reference Guide 4.1 • June 2000 78
Debugging Security servers
In order to solve your problem, your technical support representative will need all relevant information about
the problem and its environment. For each type of problem, the Support representative will ask for specific
records and files.
Sending this information as soon as the Support Call is opened will make the handling of the ticket more
efficient and will ensure that the problem is resolved as quickly as possible
This section lists the information that Check Point Support will ask you to gather in order to debug security
Server problems. It may also be of use when doing your own troubleshooting.
See “Chapter 2: Troubleshooting Tools,” page 5 for more information on the fwinfo, fw monitor and
the fw ctl debug commands.
Information to Gather
HTTP Security Server
To debug the HTTP Security Server, do the following:
1. Issue the fwstop command, or fw kill fwd
2. Setenv FWAHTTPD_DEBUG=1
3. fwstart or fwd
The debug output will be redirected to file ahttpd.elg (or ahttpd.log in pre-4.1 version)
Send the files to support@ts.checkpoint.com.
Authentication
Gather the following information:
1. fwinfo file.
2. Error messages from the log and from the screen.
3. fw monitor file that is relevant for the problem.
4. Send the log/ahttpd.log file to support@ts.checkpoint.com.
5. If the problem is related to SMTP, ask for the spool directory and run the mail dequeuer and the asmtpd
in debug mode.
Send the files to support@ts.checkpoint.com.
Resources and CVP servers
Gather the following information:
1. fw monitor on port 18181.
2. fwopsec.conf file.
3. cvp.conf file on the CVP side.
4. Set the environment variable OPSEC_DEBUG_LEVEL to 3, and restart fwd. Send the output received in
fwd.log to support@ts.checkpoint.com.