Technical data

ManualsBrandsCheck Point Software Technologies ManualsNetworkingVSX-1 11060

171

172

173

174

175

176

177

178

179

180

Check Point VSX Administration Guide NGX R67 | 179

Chapter 12

VSX Diagnostics and

Troubleshooting

In This Chapter

Introduction 179

General Troubleshooting Steps 179

Troubleshooting Specific Problems 180

Introduction

This chapter presents basic diagnostic and troubleshooting procedures that should be followed in the event

you encountering a problem while working with VSX. This diagnostic routine will assist you in determining

the source of the problem. This chapter presents several known issues and their solutions.

Most problems are caused by configuration errors occurring during the process of defining VSX gateway,

clusters and/or virtual devices. Another common source of problems involves networking and connectivity

issues affecting VSX behavior. These problems are listed according to the order in which you will likely

encounter them. Before reading and following a certain workaround, make sure you've read all the previous

workarounds, and that those steps in the configuration were successful.

In some of the cases, one initial problem can cause problems in later stages of the configuration. For that

reason, it is important to find the root of the problem when you are trying to understand what went wrong.

General Troubleshooting Steps

If you suspect that there is a problem with your VSX configuration, there are several diagnostic procedures

that you can follow to determine the source. These procedures utilize various commands documented in the

Command Line section ("Command Line Reference" on page 183).

1. Perform a basic configuration check for each gateway or cluster member by running the fw vsx stat

-v command. The output will allow you to:

a) Account for all Virtual Systems and verify that none are missing from the configuration.

b) Verify that all Virtual devices are active

c) Verify that the correct security policy is installed for each Virtual System

d) Verify the SIC trust has been established with the management server

2. Run the cplic print command on each VSX gateway, cluster member and management server to

verify that you have the appropriate licenses installed.

3. Run the cphaprob stat command on each cluster member to verify its status. If a member is listed

with a status other than Active, Standby, or Backup, refer to the "Troubleshooting" chapter in the

R75.20 ClusterXL Administration Guide

(http://supportcontent.checkpoint.com/documentation_download?ID=12265) for additional

troubleshooting assistance.

4. If you suspect that a Virtual System is experiencing connectivity problems, perform the following steps:

a) Run: vsx set to set the context to the appropriate Virtual System.

b) Run fw [-v vsname | vsid] getifs to display the interface list for the Virtual System.