TABLE OF CONTENTS Any advanced network security product needs a set of troubleshooting tools. This chapter covers the debugging and troubleshooting features available on the Check Point NGX R65 suite. Many of the troubleshooting methods detailed in this chapter will work on any NG- or NGX-based Check Point firewall.
To understand troubleshooting methodology, a deep understanding of the Check Point internal workings and directory structure is in order. As mentioned earlier in this book, Check Point VPN-1 is a software-based firewall product. Check Point can run on Check Point Secure Platform, Red Hat Linux, Sun Solaris, HP-UX, IBM AIX, Nokia IPSO (BSD), and Windows Server. The only major differences between the different operating system installs are the install scripts and the kernel bindings. The Check Point directory structure is the same across the different operation systems, with the exception of Windows, which adds an extra line feed to the various text files.
The firewall creates two directory trees. The SVN Foundation tree (a.k.a. the cpshared tree) is installed in the $CPDIR directory. This Windows install installs in %CPDIR%, following the Microsoft environment variable format. The firewall package installs in the $FWDIR directory. Note that the $CPDIR/bin and $FWDIR/bin directories are in the root/admin user s path environment variable.
Here are some of the directories created that are important to mention:
$CPDIR/bin Contains the cpconfig and cplic utilities
$FWDIR/bin Contains the firewall and management daemons
$FWDIR/conf Contains...
