Friday, June 01, 2007

Q: Where are Check Point state table timeouts logged?

A:

To troubleshoot why TCP packets are getting dropped due to out-of-state (o-o-s) way before it seems they should according to the "service" settings, I need to look at the log of state table changes.

It seems that the table can be dumped as ASCII by logging on to the firewall and issuing this command: fw tab -t connections -max 1000. In this example I used 1000 for the max; if this is not enough, you will see "more..." at the end of the table. Note that the table produced, although text, is not really human-readable.
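
To make a dump like that readable when chasing early timeouts, here is an added example (not from the original post) that decodes the hex entries and sorts connections by time left. It assumes each full entry has the layout `<direction, src IP, src port, dst IP, dst port, IP protocol; values...; remaining/total>`; the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, in the entry layout this example assumes.
SAMPLE = """\
localhost:
-------- connections --------
<00000000, 0a010105, 0000c1f4, c0a80a14, 00000016, 00000006; 0001c001, 00044000, 00000003; 3541/3600>
<00000000, 0a010106, 0000d903, c0a80a15, 00000035, 00000011; 0001c001, 00044000, 00000003; 12/40>
<00000001, c0a80a14, 00000016, 0a010105, 0000c1f4, 00000006> -> <00000000, 0a010105, 0000c1f4, c0a80a14, 00000016, 00000006> (00000805)
"""

# Full entries carry a "; remaining/total>" timeout; headers and
# "->" link entries have none and are skipped.
ENTRY = re.compile(r"^<([0-9a-f, ]+);.*;\s*(\d+)/(\d+)>\s*$", re.I)
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_connections(text):
    """Return one dict per full connection entry in the dump."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key = [int(f.strip(), 16) for f in m.group(1).split(",")]
        if len(key) != 6:
            continue
        direction, src, sport, dst, dport, proto = key
        rows.append({
            "direction": direction,  # raw value, not interpreted here
            "src": f"{ipaddress.IPv4Address(src)}:{sport}",
            "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
            "proto": PROTO.get(proto, str(proto)),
            "remaining": int(m.group(2)),  # seconds left before expiry
            "timeout": int(m.group(3)),    # timeout applied to the entry
        })
    return rows

def closest_to_expiry(rows):
    """Sort so the entries about to leave the state table come first."""
    return sorted(rows, key=lambda r: r["remaining"])

if __name__ == "__main__":
    for r in closest_to_expiry(parse_connections(SAMPLE)):
        print(f'{r["proto"]:4} {r["src"]:>21} -> {r["dst"]:<21} '
              f'{r["remaining"]}/{r["timeout"]}s')
```

Comparing the total timeout column against the timeout configured on the service shows whether the entry was created with the value you expected.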