VPN traffic fails when collecting kernel debug with a filter "fw ctl debug -e" and SecureXL is disabled
Symptoms
  • VPN traffic fails when collecting kernel debug with a filter "fw ctl debug -e" and SecureXL is disabled:

    [Expert@HostName:0]# fwaccel off
    [Expert@HostName:0]# fw ctl debug 0
    [Expert@HostName:0]# fw ctl debug -buf 32000
    [Expert@HostName:0]# fw ctl debug -e "<expression>"
    

    VPN traffic fails as soon as the "fw ctl debug -e ..." command is executed (e.g., fw ctl debug -e "accept host(192.168.10.22);").

  • The issue does not occur if SecureXL is enabled.

Cause

With a debug filter set, the returning (Server-to-Client) packet is looked up at an early stage, when the VPN external IP addresses are used. As a result, the connection is not found in the Connections table (because the Connections table records the real IP addresses), and the packet is dropped.

