This tech short lists the commands used to enable VPN debugging on Check Point's R77.30 firewall. To start, you must SSH into the firewall host (or the active member).
To turn on VPN debug from expert mode:
# vpn debug trunc
At this point you want to test your VPN connection and verify the IKE phases. This can be done with the following command:
# vpn tu
Use options 1 and 2. You may need to reset the tunnel to test; this is done with option 7.
To turn off the VPN debug, issue the following commands:
# vpn debug off
# vpn debug ike off
When completed, retrieve the logs vpnd.elg and ike.elg, located under $FWDIR/log.
Check Point has an IKEView tool, available on their site, for reviewing the logs; otherwise a tool such as Notepad++ is helpful for analysis.
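
The capture procedure above, wrapped so that debugging is switched off even if the session is interrupted and the two logs are bundled for transfer. This is an added example, not Check Point code; the function names, archive name and /var/tmp default are assumptions, and it expects expert mode with `vpn` on PATH and $FWDIR set.

```sh
#!/bin/sh
# Added example, not Check Point code. Assumes expert mode on the gateway,
# `vpn` on PATH and $FWDIR set. Function names and /var/tmp are hypothetical.

vpn_debug_stop() {
    # Both switches from the procedure: VPN debug and IKE debug.
    vpn debug off >&2
    vpn debug ike off >&2
}

vpn_debug_capture() {
    outdir=${1:-/var/tmp}
    [ -n "${FWDIR:-}" ] || { echo "FWDIR is not set" >&2; return 1; }
    bundle="$outdir/vpndebug-$(date +%Y%m%d-%H%M%S).tgz"

    # If the session is interrupted, still switch debugging off.
    trap 'vpn_debug_stop; exit 1' INT TERM HUP
    vpn debug trunc >&2 || { trap - INT TERM HUP; return 1; }

    echo "Debug on. Test the tunnel with 'vpn tu' in another session," >&2
    echo "then press Enter here to stop and collect the logs." >&2
    read -r reply || true

    vpn_debug_stop
    trap - INT TERM HUP

    files=""
    for f in vpnd.elg ike.elg; do
        if [ -f "$FWDIR/log/$f" ]; then files="$files $f"; fi
    done
    [ -n "$files" ] || { echo "no .elg files in $FWDIR/log" >&2; return 1; }

    # Owner-only archive: the debug logs describe VPN peers and negotiation.
    # $files is left unquoted on purpose so it splits into file names.
    (umask 077 && tar -czf "$bundle" -C "$FWDIR/log" $files) || return 1
    echo "$bundle"
}

# Stand-alone use: sh vpn_debug_capture.sh run [output-dir]
if [ "${1:-}" = "run" ]; then
    vpn_debug_capture "${2:-/var/tmp}"
fi
```

The function prints the path of the archive on stdout; everything else goes to stderr.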