Can someone help me with command to capture accepted and dropped traffic through cli or through webui interface of firewall.
I tried command show log traffic dst/src/sport/dport but looks like show log traffic in general does not provide good info.
this is really helpful , but how can we check if packet is being dropped by firewall as above mentioned commands are all packet captures, where can we find drop packet logs.
You have to secify files for every type of traffic (ie drop)
debug dataplane packet-diag set capture stage drop file <filename>
If this file has size >0 there is something dropped. Please use Wildshark to open this file and investigate further.
Please find DOC Packet Capture, Debug Flow-basic and Counter Commands . The flow basic will give you the information about drop packet.
You can check the real time session in the CLI by using 'show session all filter source IP_ADD_OF_THE_TESTING_PC destination IP_ADD_OF_THE_DESTINATION'.
> If there is an session exist for the same traffic, then please apply CLI command PAN> show session id XYZ >>>>>>>> to get detailed information about that session, i.e NAT rule, security rule, ingress/egress interface etc.
> verify the global counters, if a specific "DRP" counter is increasing rapidly. The command show counter global provides information about the processes/actions taken on the packets going through the device; if they are dropped, nat-ed, decrypted etc. These counters are for all the traffic going through the device and are useful in troubleshooting issues; like poor performance, packet loss, latency etc. It is advised to use the command show counter global filter packet-filter yes delta yes in conjunction with filters to obtain meaningful data.
For more information, you can follow the DOC What is the Significance of Global Counters?
> You can enable FLOW BASIC feature to understand the exact reason behind the failure:
> debug dataplane packet-diag clear all
> debug dataplane packet-diag set filter match source IP_ADD_OF_THE_TESTING_PC destination IP_ADD_OF_THE_DESTINATION
> debug dataplane packet-diag set filter match source IP_ADD_OF_THE_DESTINATION destination IP_ADD_OF_THE_TESTING_PC
> debug dataplane packet-diag set log feature flow basic
> debug dataplane packet-diag set log feature tcp all
> debug dataplane packet-diag set filter on
> debug dataplane packet-diag set log on
~~~~~~~~~~~~~~~~ Initiate traffic through the PAN firewall/try to browse a website ~~~~~~~~~~~~~~~~~~~~~~~~~
> debug dataplane packet-diag set log off
> debug dataplane packet-diag aggregate-logs
> less mp-log pan_packetdiag_log.log
For more information, you can follow the DOC: Packet Capture, Debug Flow-basic and Counter Commands
Hope this helps.
Packet capture will provide information for Recieved, Transmitted and dropped packets. its a best way to view packets.
Let us know for additional information.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!