11-13-2016 04:45 AM
Hello
One of our proxy servers was not able to reach the internet. The problem, I later found, was that NAT was not configured for that proxy server.
To troubleshoot the issue, I enabled debug flow for that proxy using filters, but the debug output was not showing any information related to NAT. It was just showing that route lookup and policy lookup were fine.
My question is: how do I get NAT-related or threat-related information (like traffic dropped due to an IPS signature match) in debug flow?
11-14-2016 01:39 AM
here's a good starter: Getting Started: Flow Basic
if you set flow basic
> debug dataplane packet-diag set log feature flow basic
you will capture the basic flow, so outbound and inbound packets, including nat
you mentioned NAT was not configured, so that would also mean flow basic will not return NAT properties
for additional information regarding your flow, you will need to enable different log features
admin@myNGFW> debug dataplane packet-diag set log feature
> all         all
> appid       appid
> cfg         cfg
> ctd         ctd
> flow        flow
> misc        misc
> module      module
> pow         pow
> proxy       proxy
> ssl         ssl
> tcp         tcp
> tunnel      tunnel
> url_trie    url_trie
> zip         zip
so for threat information you would need to enable the 'ctd basic' feature and for appid the 'appid basic' etc.
beware that the more features you enable, the noisier the output log will be and the more resources will be required from the dataplane to capture all this information. you will want to set VERY strict filters and keep a close eye on the dataplane CPU usage
> show running resource-monitor second
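The capture sequence this reply describes, written out as a PAN-OS operational-mode session. This is an added example, not part of the reply above; the two addresses are constructed placeholders from documentation ranges, and lines starting with # are annotations, not commands.

```text
# Start clean so leftover filters or log features do not widen the capture
> debug dataplane packet-diag clear all

# Strict filter: only the proxy (192.0.2.10, constructed) talking to one
# test destination (198.51.100.20, constructed)
> debug dataplane packet-diag set filter match source 192.0.2.10 destination 198.51.100.20
> debug dataplane packet-diag set filter on

# flow basic for the packet flow including NAT, ctd basic for threat information
> debug dataplane packet-diag set log feature flow basic
> debug dataplane packet-diag set log feature ctd basic

# Confirm the filter and features before switching logging on
> debug dataplane packet-diag show setting
> debug dataplane packet-diag set log on

# Reproduce the traffic from the proxy, and watch dataplane CPU while logging runs
> show running resource-monitor second

# Stop logging as soon as the traffic has been reproduced
> debug dataplane packet-diag set log off

# Merge the per-dataplane logs and read the result
> debug dataplane packet-diag aggregate-logs
> less mp-log pan_packet_diag.log

# Remove the filter, features and collected logs when finished
> debug dataplane packet-diag set filter off
> debug dataplane packet-diag clear all
```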
11-16-2016 09:50 AM
Hey reaper, do you know of any document that explains those different flow options in more detail?
11-17-2016 07:34 AM
nothing comprehensive... i'll add this to my todo list 😉