10-30-2015 11:53 AM - edited 10-30-2015 12:47 PM
Hi there,
We have just moved from a Juniper SSG-550 with around 700 policies to a PaloAlto 3050.
Naturally this has thrown up a few issues!
Can anyone explain how to do the equivalent of a Juniper “debug flow basic” on the PaloAlto?
On the Juniper, this would all you to follow the journey of a packet from ingress to egress, through the entire decision making progress of the firewall as it processed the packet making troubleshooting very simple.
I’m finding that packet captures, “test” commands and “debug dataplane packet-diag set log feature flow basic” on the PaloAlto a little erratic.
To do the dataplane flow debug I’m following instructions here:
However, i'm finding that filters do not appear to be getting applied correctly.
More often than not the logs appear to show no traffic filter is in effect and everything is being logged, yet "debug dataplane packet-diag show setting" shows that the packet filter is enabled, and correctly configured.
Can anyone help?
We are running v7.0.3.
Many thanks,
Mark.
