CheckPoint advanced VPN Debugging

CheckPoint shows basic VPN information in SmartDashboard VPN section.
but sometimes there is not enough information on certain problems (like id mismatch).
There is a way to obtain more detailed logs (sort of Cisco’s “debug crypto ipsec” command).

To turn on VPN debug log enter the following command:

 vpn debug trunc; vpn debug ikeon

This will enable log output to $FWDIR/log/ike.elg
To read the file output in a more convenient way, download Checkpoint’s *IKEView.exe* utility (Windows only):

http://pingtool.org/downloads/IKEView.exe

Don’t forget to stop the debug with command:

 vpn debug off; vpn debug ikeoff  

Source: sk33327

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>