KB Article | Forcepoint Support

Notes & Warnings

For a video showing how to collect NGFW engine sgInfo, see Video: Collecting Next Generation Firewall (NGFW) sgInfo.

Problem Description

The sginfo script is a tool that gathers information from NGFW product environments and places it into a compressed file. This information is required for troubleshooting when you contact Technical Support. The sginfo script is included by default in all engines and Management/Log Server distributions.

Note The data collected is a snapshot of the current situation; therefore, the problematic configuration should be active at the time output is collected.

Resolution

NGFW Engine

By default, engine configuration files are encrypted. You must turn configuration encryption off and re-install the security policy to NGFW engines before you run the script on the engines:
  1. Open the Management Client, and log in to SMC.
  2. Select the Home view.
  3. Right-click the NGFW engine element, and select Edit <engine_element_type> <engine_element_name>.
  4. Switch to the Advanced Settings tab, and deselect Encrypt configuration data.
  5. Click OK to save the configuration change.
  6. Refresh the current security policy by right-clicking the NGFW engine element, and selecting Current Policy > Refresh.

Important With Master Engine setups, sgInfo can be collected only from Master Engines. However, Encrypt Configuration Data is defined on a per-Virtual Engine basis. Thus, when the issue is related to a Virtual Engine, make sure to disable configuration encryption in the properties of the Virtual Engine related to the problem, and then collect sgInfo from the Master Engine nodes.

There are two ways to run the sginfo script. Forcepoint recommends that you run the sginfo script from the Management Client.
 

Collecting engine sgInfo via Management Client

  1. Open the Management Client, and log in to SMC.
  2. Right-click the NGFW node element.
  3. Select Commands > Collect sgInfo.
  4. In the Task Properties window, you can select several nodes for simultaneous script collection if required.
  5. Define the location for the output file(s) and select OK to run the script.
 

Collecting engine sgInfo via command line 

Run the script from the command line using the sginfo command.
If the engine configuration is encrypted and, because of the issue, a new policy cannot be installed, collect the sginfo using the command sginfo -f.
If you want to collect possible kernel dump and core files, use the command sginfo -d.

Note All command line options are listed by sginfo -h.

Because the location of the sginfo script is listed in the system PATH environment variable, the script can be executed in any directory of the firewall engine. The output of the script will be generated as a compressed tar archive under the /spool/sginfos directory. The output file is named: [hostname].[date]-[time].tar.gz (e.g. node1.20130428-163644.tar.gz).
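The following shell functions are an added example, not Forcepoint code. They pick the newest engine archive for a host from the timestamp in the file name described above, check that it is a readable gzip tar, restrict it to its owner, and record a SHA-256 digest before the file is handed to Technical Support. The function names latest_sginfo and seal_sginfo and the SGINFO_DIR variable are hypothetical, and the example assumes tar and sha256sum are available where the archive is handled.

```shell
#!/bin/sh
# Added example (not part of the sginfo tooling).
# Assumption: tar, chmod and sha256sum exist on the host handling the archive,
# for example an administrator workstation the archive was copied to.

SGINFO_DIR="${SGINFO_DIR:-/spool/sginfos}"   # output directory named in the article

# Print the newest archive for host $1, based on the timestamp embedded in
# the file name ([hostname].[date]-[time].tar.gz). Returns 1 if none exists.
latest_sginfo() {
    host=$1
    newest=
    for f in "$SGINFO_DIR/$host".[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9].tar.gz; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        newest=$f                 # glob results are sorted, so the last one is newest
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Verify that archive $1 is a readable gzip tar, make it owner-only, and
# write "<digest>  <file name>" to a .sha256 sidecar. Prints the hex digest.
seal_sginfo() {
    archive=$1
    if ! tar -tzf "$archive" >/dev/null 2>&1; then
        echo "unreadable or truncated archive: $archive" >&2
        return 1
    fi
    chmod 600 "$archive" || return 1
    digest=$(sha256sum "$archive" | cut -d' ' -f1)
    [ -n "$digest" ] || return 1
    printf '%s  %s\n' "$digest" "$(basename "$archive")" > "$archive.sha256"
    chmod 600 "$archive.sha256"
    printf '%s\n' "$digest"
}

# Usage: archive=$(latest_sginfo node1) && seal_sginfo "$archive"
```

The digest in the sidecar file can be quoted in the support case so the recipient can confirm the upload matches what was collected.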

 

Management, Log and Web Portal server

There are two ways to run the sginfo script. Forcepoint recommends that you run it from the Management Client:
 

Collecting sgInfo via Management Client

  1. Log in to SMC using the Management Client.
  2. Right-click the Management Server, Log Server, or Web Portal Server element.
  3. Select Tools, and then Collect sgInfo.
  4. In the Task Properties window, you can select several servers for simultaneous script collection if required.
  5. Define the location for the output file(s) and select OK to run the script.

Note SMC server sgInfo will include traces and content for all SMC server components installed on the host. Thus, there is no need to collect sgInfo separately from, for example, the Management Server and the Log Server if both are installed on the same host.
 

Collecting sgInfo via SMC server command line

Run the script from the command line. 

Script location:

Linux: <smc_installation_directory>/bin/sgInfo.sh
Microsoft Windows: <smc_installation_directory>\bin\sgInfo.bat

Run the script in its original location. The output of the script will be generated by default in the user's home directory. For example, in Windows:

Home Directory: C:\Users\Administrator\ 

The output file is named: sginfo_mgt_[date]_N.zip (where N is a unique sequence number)

 

Management Client

The Management Client has the option to collect sginfo from itself. The output might be informative if the issue is specific to the Client, for example a GUI problem or an issue in communication between the Client and SMC servers.

  1. Open the Management Client, and log in to SMC.
  2. Select Menu > System Tools > Collect Management Client sgInfo.
  3. Click OK.

The resulting file is saved to the user's home directory and named sginfo_client_[build]_[date]_N.zip.

 

Legacy SSL VPN Engines

There are two ways to run the sgInfo script. Forcepoint recommends that you run the script from the command line:
 

Collecting sgInfo using command line

Because the location of the sginfo script is listed in the system PATH environment variable, the script can be executed in any directory of the SSL VPN engine. The output of the script will be generated as a compressed tar archive under the /data/home/root/ directory. If sginfo is run for troubleshooting purposes, Forcepoint recommends that you use the --with-backup option to include the engine's backup in the generated file. So in this case you would issue the command sginfo --with-backup.

The output file is named: sgInfo-[hostname]-[date]-[time].tar.gz
 

Collecting sgInfo using Webmin console

Connect to the Webmin console on port 10000 and log in with the admin account. Expand the System section and click Sginfo Management. Enable the option "Launch a backup with --include-spool and include it in sginfo", then click Create Sginfo. Once the sginfo is created, click the Save button to download it.
 

Collecting sgInfo via Management Client

If you have connected the SSL VPN to the SMC, you can run sginfo from the Management Client:

  1. Right-click the SSL VPN node.
  2. Select Commands, and then Get sgInfo.
  3. In the Task Properties window, you can select several nodes for simultaneous script collection if required.
  4. Define the location for the file(s), and select OK to run the script.




Keywords: sginfo; troubleshooting; collecting data
