Can some one help with documentation with running debug commands on palo alto firewalls.
For example syntax to monitor traffic between two particular host.
Thanks for help in advance.
You can use following document for detailed description :
You can also run "show session all filter source <ip> destination <ip>" to view the traffic flow through the device. You can narrow it down to zones, ports and application. HTH
something more granular but be sure to confirm filter is enabled and to clear the debugging when you're done. This can be intrusive debugging so doing it carefully is highly recommended
Below are the steps that i would take to troubleshoot but be sure to turn off all the debugging after you are done. Since this is CPU intensive and make sure setup filter on traffic that you are interested in debugging.
Hope this helps.
1. Need to setup the filters for the traffic we are interested in. To do this, execute the following steps:
Navigate to Monitor--Packet Capture
Click 'Manage Filters'
Set Filter ID 1 to be the source IP and destination IP of traffic you feel is affected ( leave all other fields blank )
Set Filter ID 2 to be the exact inverse of what you did in step 3 (destination IP in source field, Source IP in destination field)
2. Setup up the captures
Create and name the file stage for a packet capture on all the stages (receive, transmit, firewall and drop)
3. setup the flow basic
debug dataplane packet-diag set log feature flow basic
debug dataplane packet-diag set log feature ctd basic
4. Clear old logs flow basic logs
debug dataplane packet-diag clear log log
5. Enable filters, captures and logs
debug dataplane packet-diag set filter on
debug dataplane packet-diag set capture on
debug dataplane packet-diag set log on
6. open 3 CLI windows
on 1 run the following command to look at the counter ( make sure it run this command once before running the traffic)
show counter global filter packet-filter yes delta yes
on the 2nd window run the following command to look at he sessions
show session all filter source <ip address> destination <ip address>
On the 3rd window run the tail for the flow basic
tail follow yes dp-log pan_task_*
7. Now run the test while it fails .
8. Turn off all the debugging that was enabled
debug dataplane packet-diag set log off
debug dataplane packet-diag set filter off
debug dataplane packet-diag set capture off
9. Aggregate the flow basic logs
CLI command (be sure to do this AFTER disabling the data plane debug logging such as flow basic):
debug dataplane packet-diag aggregate-logs
Either 'show session all filer source x.x.x.x destination y.y.y.y' or set the filter in the PCAP should give you the ability of checking the traffic running between two specific hosts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!