Thank you! This specific video isn´t really part of CCSA / CCSE but its something that is very usefull in real world senarios. We put in more and more security so logs is something that do increase every year and its good to know that there are options :)

Thank you, do you really find fw ctl chain usefull? i mean if you need to do that advance troubleshooting normally you do that together with TAC. My personal view of issues and troubleshooting is, if it takes more then 1h to resolve it involve tac because then its a bug :) I mean the only reason why i ever do tcpdumps or similar commands is to prove a point that the traffic is passing the firewall to someone else (like a server guy) Commands such as checking connections with fw ctl conntab, drops etc those i understand but i see very little value in actually checking the ctl chain. I do belive its part of the CCSE certificate to understand iIoO and such. i havn´t checked the CCSM whats included there. But way way above CCSA atleast :D When do you normally use this command?

" fwl ctl chain " command output looks very weird to me.So I have tried to understand this by referring some youtube video but not successful .So I am curious to know .

I think Heiko in the checkmates forum has described it some, but honestly i never use it. And as we manage 300+ check point firewalls i think the audience of ppl actually checking those things are very small. For me its to complicated topic to make a video on that ppl actaully would watch, so its not worth the time it would take, sorry sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_CLI_ReferenceGuide/Content/Topics-CLIG/FWG/fw-ctl-chain.htm?tocpath=Security%20Gateway%20Commands%7Cfw%7Cfw%20ctl%7C_____4 Here is an SK for the kernel debug where its included. But as mention before, if you need this command you already troubleshooting with tac :) supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98799

I think fw chain, is a little over CCSA level.. But you have a good point.

My understanding of it, as a quick referense, fw ctl chain, list all the "steps/functions" that you have activated on your box. When you use fw monitor you are able to add -p all to see where a package is dropped/accepted within this flow. Meaning if you have securexl active, with -p all you will be able to see if its actually passing the securexl within the gateway. If you see that its dropped within this, you can then do fwaccell off to see if this resolves the issue (if it dose you have a bug as securexl is used to accelerate the traffic)

Hi, personally i dont go in to any maintenance mode.

Thank you!

Should be the same yes :)

i would say revert snapshot / backup and remake it. thats probably faster and easier.

Thanks m8 :) I promise to fix the MDS and VSX videos soon :)

Tackar :)

Hi Rikard, its listed in the description, more or less i use vmware workstation on my normal desktop. With new CPUs and alot of ram its no issue to run pretty cool labs :)