Menü Kapat

HOWTO: Debug Policy Verification

Solution
Follow these steps:

Connect to command line on Security Management Server / Multi-Domain Security Management Server.

Log in to Expert mode.

On Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server:

[Expert@HostName:0]# mdsenv
Start the debug of FWM daemon:

[Expert@HostName:0]# fw debug fwm on TDERROR_ALL_ALL=5
[Expert@HostName:0]# fw debug fwm on OPSEC_DEBUG_LEVEL=3
Verify the policy under debug:

Policy Syntax
Security Policy :fwm -d verify $FWDIR/conf/.W 1>> /var/log/Security_Policy_Verification_debug.txt 2>> /var/log/Security_Policy_Verification_debug.txt
Threat Prevention Policy :fwm -d verify -p threatprevention $FWDIR/conf/.W 1>> /var/log/Threat_Prevention_Policy_Verification_debug.txt 2>> /var/log/Threat_Prevention_Policy_Verification_debug.txt
Desktop Policy :fwm -d verify $FWDIR/conf/.S 1>> /var/log/Desktop_Policy_Verification_debug.txt 2>> /var/log/Desktop_Policy_Verification_debug.txt
QoS Policy :fgate -d verify $FWDIR/conf/.F 1>> /var/log/QoS_Policy_Verification_debug.txt 2>> /var/log/QoS_Policy_Verification_debug.txt
Notes:

– is the name of the involved policy package as appears in SmartDashboard R7x / SmartConsole R8x
Take all the relevant outputs / screenshots.

Stop the debug of FWM daemon:

[Expert@HostName:0]# fw debug fwm off TDERROR_ALL_ALL=0
[Expert@HostName:0]# fw debug fwm off OPSEC_DEBUG_LEVEL=0

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir