CheckPoint advanced VPN Debugging

CheckPoint shows basic VPN information in SmartDashboard VPN section.
but sometimes there is not enough information on certain problems (like id mismatch).
There is a way to obtain more detailed logs (sort of Cisco’s “debug crypto ipsec” command).

To turn on VPN debug log enter the following command:

[code] vpn debug trunc; vpn debug ikeon[/code]

This will enable log output to $FWDIR/log/ike.elg
To read the file output in a more convenient way, download Checkpoint’s *IKEView.exe* utility (Windows only):

http://pingtool.org/downloads/IKEView.exe

Don’t forget to stop the debug with command:

[code] vpn debug off; vpn debug ikeoff [/code]

Source: sk33327

Leave a Reply

Your email address will not be published. Required fields are marked *