Saturday, January 29, 2011

Debugging NAT problems with SmartSPLAT


I have added a NAT section to SmartSPLAT. Some commands related to the new tab:


To debug NAT-related issues,

Start debug
# fw ctl debug 0
# fw ctl debug -buf 2048
# fw ctl debug xlate xltrc
# fw ctl kdebug -f > kdebug.out

Stop debug
# fw ctl debug 0


My way to debug with fw monitor,
# fw monitor -e 'accept src=xxx or src=yyy or dst=xxx or dst=yyy;' -o fwmon.cap


NAT tables are not cleared upon Security Policy installation.
To manually clear the NAT tables,
# fw tab -t fwx_alloc -x


To see the maximum capacity,
# fw tab -t connections | grep limit


To see the NAT limit,
# fw tab -t fwx_alloc | grep limit


To see NAT statistics,
# fw tab -t fwx_alloc -s
# fw tab -t fwx_cache -s
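The limit and statistics commands above can be combined into one check of how close the NAT allocation table is to its limit. This is an added example, not part of the original post or of SmartSPLAT; the function names, the 80% warning threshold and the two sample output formats are assumptions, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: compare NAT allocation table usage with its limit.
# The two input formats are assumptions based on typical `fw tab` output.

# Constructed sample of: fw tab -t fwx_alloc | grep limit
SAMPLE_HEADER='dynamic, id 8187, attributes: keep, sync, expires never, limit 25000, hashsize 32768'

# Constructed sample of: fw tab -t fwx_alloc -s
SAMPLE_STATS='HOST                  NAME                               ID #VALS #PEAK #SLINKS
localhost             fwx_alloc                        8187 21250 24100       0'

# Print the number that follows "limit" in a table header line.
table_limit() {
    printf '%s\n' "$1" | sed -n 's/.*limit \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print "<#VALS> <#PEAK>" for table $2 from `fw tab -s` output in $1.
table_counts() {
    printf '%s\n' "$1" | awk -v t="$2" '$2 == t { print $4, $5; exit }'
}

# Print one status line: OK, WARN (peak >= warn_pct of limit) or FULL
# (peak reached the limit). Returns 2 when an input cannot be parsed.
nat_usage() {
    warn_pct=${3:-80}
    limit=$(table_limit "$1")
    set -- $(table_counts "$2" fwx_alloc)
    vals=${1:-}
    peak=${2:-}
    # Reject a missing, non-numeric or zero field before doing arithmetic.
    case "$limit:$vals:$peak" in
        *[!0-9:]* | :* | *::* | *: | 0:*)
            echo "UNKNOWN could not parse limit or counters"; return 2 ;;
    esac
    vals_pct=$((vals * 100 / limit))
    peak_pct=$((peak * 100 / limit))
    status=OK
    [ "$peak_pct" -ge "$warn_pct" ] && status=WARN
    [ "$peak" -ge "$limit" ] && status=FULL
    echo "$status fwx_alloc vals=$vals ($vals_pct%) peak=$peak ($peak_pct%) limit=$limit"
}

# Demo on the constructed samples. On a gateway the inputs would be:
#   nat_usage "$(fw tab -t fwx_alloc | grep limit)" "$(fw tab -t fwx_alloc -s)"
nat_usage "$SAMPLE_HEADER" "$SAMPLE_STATS"
```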

SmartSPLAT
 FREE SSH Software for Checkpoint Firewalls