Solution
Follow these steps:
Connect to the command line on the Security Management Server / Multi-Domain Security Management Server.
Log in to Expert mode.
On a Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server:
[Expert@HostName:0]# mdsenv
Start the debug of the FWM daemon:
[Expert@HostName:0]# fw debug fwm on TDERROR_ALL_ALL=5
[Expert@HostName:0]# fw debug fwm on OPSEC_DEBUG_LEVEL=3
Verify the policy under debug:
Policy: Syntax
Security Policy: fwm -d verify $FWDIR/conf/.W 1>> /var/log/Security_Policy_Verification_debug.txt 2>> /var/log/Security_Policy_Verification_debug.txt
Threat Prevention Policy: fwm -d verify -p threatprevention $FWDIR/conf/.W 1>> /var/log/Threat_Prevention_Policy_Verification_debug.txt 2>> /var/log/Threat_Prevention_Policy_Verification_debug.txt
Desktop Policy: fwm -d verify $FWDIR/conf/.S 1>> /var/log/Desktop_Policy_Verification_debug.txt 2>> /var/log/Desktop_Policy_Verification_debug.txt
QoS Policy: fgate -d verify $FWDIR/conf/.F 1>> /var/log/QoS_Policy_Verification_debug.txt 2>> /var/log/QoS_Policy_Verification_debug.txt
Notes:
– is the name of the involved policy package as it appears in SmartDashboard R7x / SmartConsole R8x.
Take all the relevant outputs / screenshots.
Stop the debug of the FWM daemon:
[Expert@HostName:0]# fw debug fwm off TDERROR_ALL_ALL=0
[Expert@HostName:0]# fw debug fwm off OPSEC_DEBUG_LEVEL=0
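The whole procedure above as one shell function, so that the FWM debug is switched off again even when verification fails or the run is interrupted. This is an added example, not part of the original article and not Check Point code. The function names are hypothetical, the policy package name is passed by the caller, and it assumes the package file is $FWDIR/conf/<package> followed by the .W / .S / .F suffix shown above.

```shell
#!/bin/sh
# Added example (not Check Point code). Run in Expert mode, in the correct
# Domain context on a Multi-Domain server. Function names are hypothetical.

# Switch both FWM debug settings back to 0, as in the last step above.
fwm_debug_off() {
    off_rc=0
    fw debug fwm off TDERROR_ALL_ALL=0 || off_rc=1
    fw debug fwm off OPSEC_DEBUG_LEVEL=0 || off_rc=1
    return "$off_rc"
}

# usage: verify_policy_under_debug <security|threat|desktop|qos> <package> [logdir]
verify_policy_under_debug() {
    kind=${1:-} policy=${2:-} logdir=${3:-/var/log}
    case "$kind" in
        security) tool=fwm   flags=""                    ext=.W name=Security_Policy ;;
        threat)   tool=fwm   flags="-p threatprevention" ext=.W name=Threat_Prevention_Policy ;;
        desktop)  tool=fwm   flags=""                    ext=.S name=Desktop_Policy ;;
        qos)      tool=fgate flags=""                    ext=.F name=QoS_Policy ;;
        *) echo "unknown policy kind: $kind" >&2; return 2 ;;
    esac
    # Reject empty names and anything that would leave $FWDIR/conf.
    case "$policy" in
        ""|*/*|*..*) echo "invalid policy package name" >&2; return 2 ;;
    esac
    out="$logdir/${name}_Verification_debug.txt"

    # If interrupted, still switch the debug off before exiting.
    trap 'fwm_debug_off; exit 130' INT TERM
    if ! { fw debug fwm on TDERROR_ALL_ALL=5 && fw debug fwm on OPSEC_DEBUG_LEVEL=3; }; then
        fwm_debug_off; trap - INT TERM; return 3
    fi

    # $flags is left unquoted on purpose so "-p threatprevention" becomes two words.
    # Assumption: the package file is $FWDIR/conf/<package><ext>.
    verify_rc=0
    "$tool" -d verify $flags "$FWDIR/conf/$policy$ext" >>"$out" 2>&1 || verify_rc=$?

    # Runs whether verification passed or failed.
    fwm_debug_off || echo "warning: FWM debug may still be enabled" >&2
    trap - INT TERM
    return "$verify_rc"
}
```

The function returns the exit status of the verify command, so a caller can tell a failed verification (non-zero) from a rejected argument (2) or a debug that could not be started (3).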