https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126114#M46494 <P>Thanks !</P> Mon, 14 Nov 2016 11:36:31 GMT ghostrider 2016-11-14T11:36:31Z https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126028#M46476 <P>Hello</P><P>&nbsp;</P><P>One of our proxy server was not able to go to internet. The problem I later found that NAT was not configured for that proxy server.</P><P>&nbsp;</P><P>To troubleshoot the issue, I just enabled debug flow for that proxy using filters but output of debug was not showing any information related to NAT? It was just showing route lookup and policy lookup is fine.</P><P>&nbsp;</P><P>My question is how to get NAT related information OR threat related information (like traffic drop due to IPS signature match) in debug flow?</P> Sun, 13 Nov 2016 12:45:34 GMT https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126028#M46476 ghostrider 2016-11-13T12:45:34Z https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126094#M46490 <P>here's a good starter : <A href="https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Flow-Basic/ta-p/72556" target="_blank"> Getting Started: Flow Basic</A></P> <P>&nbsp;</P> <P>if you set flow basic</P> <PRE>&gt; debug dataplane packet-diag set log feature flow basic </PRE> <P>you will capture the basic flow, so outbound and inbound packets, including nat</P> <P>you mentioned NAT was not configured, so that would also mean flow basic will not return NAT properties</P> <P>&nbsp;</P> <P>for additional information regarding your flow, you will need to enable different log features</P> <P>&nbsp;</P> <PRE>admin@myNGFW&gt; debug dataplane packet-diag set log feature &gt; all all &gt; appid appid &gt; cfg cfg &gt; ctd ctd &gt; flow flow &gt; misc misc &gt; module module &gt; pow pow &gt; proxy proxy &gt; ssl ssl &gt; tcp tcp &gt; tunnel tunnel &gt; url_trie url_trie &gt; zip zip </PRE> <P>so for threat information you would need to enable the 'ctd basic' feature and for appid the 'appid basic' etc.</P> <P>&nbsp;</P> <P>beware that the more features you enable, the noisier the output log will be and the more resources will be required from the dataplane to capture all this information. you will want to set VERY strict filters and keep a close eye on the dataplane CPU usage</P> <PRE>&gt; show running resource-monitor second</PRE> Mon, 14 Nov 2016 09:39:49 GMT https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126094#M46490 reaper 2016-11-14T09:39:49Z https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126114#M46494 <P>Thanks !</P> Mon, 14 Nov 2016 11:36:31 GMT https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126114#M46494 ghostrider 2016-11-14T11:36:31Z https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126810#M46553 <P>Hey reaper do you know any document that explains those diferent flow options in more detail?</P> Wed, 16 Nov 2016 17:50:19 GMT https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/126810#M46553 Raido_Rattameister 2016-11-16T17:50:19Z https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/127082#M46585 <P>nothing comprehensive... i'll add this to my todo list <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Thu, 17 Nov 2016 15:34:27 GMT https://live.paloaltonetworks.com/t5/general-topics/debug-flow-does-not-show-nat-and-threat-related-drop-information/m-p/127082#M46585 reaper 2016-11-17T15:34:27Z