05-17-2024 01:10 PM
Hello,
In our Palo Alto, the traffic is allowed on the firewall but it is not working. When we did a packet capture, we found the return traffic in the drop stage. To find the cause of the packet drop, I set the filter using 'Manage Filters' in the GUI and then used the following command.
debug dataplane packet-diag set filter on
but I am unable to see any output in the command - show counter global filter packet-filter yes delta yes severity drop
What should be the approach to find the cause of a packet drop by the firewall?
05-20-2024 06:06 PM
I would recommend not using "severity drop" in your command.
Here is one example; as described, there are some counters with severity Warning that count packet drops:
====
> show counter global name tcp_drop_out_of_wnd
Name: tcp_drop_out_of_wnd
Value: 0
Severity: Warning
Category: tcp
Aspect: resource
Description: out-of-window packets dropped
====
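The point of the reply above, as an added example that is not part of the original thread: a small Python parser for counter records in the layout quoted there, selecting non-zero drop counters by name and description instead of by severity. Only `tcp_drop_out_of_wnd` comes from the thread; the other counter names, all values, and the `Drop`/`Info` severity spellings are constructed assumptions.

```python
import re

# Constructed sample in the record layout quoted in the reply above. Only
# tcp_drop_out_of_wnd is from the thread; other names and all values are made up.
SAMPLE = """\
Name: tcp_drop_out_of_wnd
Value: 37
Severity: Warning
Category: tcp
Aspect: resource
Description: out-of-window packets dropped
====
Name: example_policy_drop
Value: 4
Severity: Drop
Category: flow
Aspect: session
Description: packets dropped by policy
====
Name: example_sessions_created
Value: 1200
Severity: Info
Category: flow
Aspect: pktproc
Description: sessions created
"""

FIELD = re.compile(
    r"^[ \t]*(Name|Value|Severity|Category|Aspect|Description):[ \t]*(.*)$", re.M)

def parse_counters(text):
    """One dict per counter; a 'Name:' line starts a new record."""
    records = []
    for key, val in FIELD.findall(text):  # prompts and separators never match
        key, val = key.lower(), val.strip()
        if key == "name":
            records.append({})
        if records:
            records[-1][key] = int(val) if key == "value" and val.isdigit() else val
    return records

def drop_related(records):
    """Non-zero counters whose name or description mentions a drop, any severity."""
    return [r for r in records
            if isinstance(r.get("value"), int) and r["value"] > 0
            and "drop" in (r["name"] + " " + r.get("description", "")).lower()]

def missed_by_severity_drop(records):
    """Names of drop-related counters that a severity-only filter would hide."""
    return [r["name"] for r in drop_related(records)
            if r.get("severity", "").lower() != "drop"]
```

With the sample, `missed_by_severity_drop(parse_counters(SAMPLE))` returns the Warning-level counter that a severity filter would have hidden.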
05-21-2024 03:01 PM
Hello,
Check the unified logs in the GUI. This should tell you everything you need to know if/where the traffic is getting dropped/blocked.
Regards,