Basic Checkpoint Troubleshooting

For every enterprise level stateful inspection firewall the following three basic

troubleshooting steps apply.

1. Check the logs :

The logs will indicate if traffic was accepted or denied.

2. Check the routes:

Verify if the routes point to the right gateway addresses for the source and destination

IP.

3. Perform debug/snoop/tcpdump:

To verify if there is any return traffic (tcp/syn-ack) from the destination.

-

Checkpoint Firewalls:

1. check the logs : Using smartview tracker

2. check the routes: netstat -rn or route get ip , echo sh route dest iclid.

3. perform tcpdump/snoop.