You Know More Than I Do
While I know Kellman is going to write about his troubleshooting presentation at CPX (I looked through it, and it was pretty comprehensive), I wanted to borrow a slide from his presentation that I believe makes a critical point:
(Incidentally, Kellman tells me this slide got lots of cheers from the audience. It was fairly early in his slide set.)
Ignoring the fact that I haven’t spent the past few years troubleshooting Check Point Security Gateways, even in my heyday, you always have and always will know more about troubleshooting your network than I do.
I have a fairly simple motto for network troubleshooting: follow the bouncing packet. If you know where the packets are coming from, where they are going to, and every point along the way to get there, you are more than halfway to isolating the problem.
While I might know quite a bit about the firewall software and hardware, I don’t know squat about your network. You are in a far better position to know your network than I am.
Oftentimes, the problem you are experiencing isn’t a firewall issue at all. It’s a misconfigured switch, a routing problem, a non-firewall-related software issue, or something else. By following the bouncing packet, we can see exactly what is causing the problem and take steps to remedy it.
Once we can verify the packet reaches the firewall, there are a number of tools built into the Check Point Security Gateway to troubleshoot what happens inside the firewall. I won’t attempt to recount those tools here, but suffice it to say, they exist and have been refined over the years. I might even remember how to use a few of them.
Once the packet leaves the Check Point Security Gateway, your problems aren’t typically over. There’s a whole different set of networks you might have to traverse to get to your destination, not to mention the trip back! Guess who knows that path better?