I noticed that the command for running traffic captures uses debug "dataplane", which would mean that we would not be able to see traffic on the management interface, as I am assuming the management interface is not part of the dataplane.
I was troubleshooting an issue with packets being sent to a couple of our logging servers. One was not seeing the traffic, but others were. The ability to run captures on the management interface would have helped me troubleshoot this issue faster.
Is it possible to run captures on the management interface? If not, can we have this logged as a feature request?
I did receive a suggestion to use a vwire to have the management interface send the traffic through the dataports and onto the connected management switch. I will be trying this as a workaround for now.
Please submit feature requests to your Palo Alto Networks sales team. They will submit on your behalf. We use customer demand to prioritize feature implementation and as such your feedback to your sales team helps drive product development priorities.
I believe that packet capture on the management interface is on the product road map, but for now you can use the service route feature (Device tab -> Setup -> Service Route Configuration) to re-direct your logging traffic to an L3 interface on the dataplane and then perform a packet capture on that traffic.