Wednesday, September 10, 2025

Advance debug Troubleshooting Palo Alto Firewall - Packet Filter

 

Advance debug Troubleshooting Palo Alto Firewall

1. Global Counters

2. Packet Filter & Capture

3. Flow Basic


Flow Basic

----------

>Debug dataplane packet-diag clear all

> debug dataplane packet-diag set filter index 1 match source x.x.x.x destination x.x.x.x destination-port 80 protocol 6
> debug dataplane packet-diag set filter index 2 match source x.x.x.x destination x.x.x.x source-port 80 protocol 6
> debug dataplane packet-diag set filter on
> debug dataplane packet-diag show setting

> debug dataplane packet-diag set capture stage drop file dp.pcap
> debug dataplane packet-diag set capture stage firewall file fw.pcap
> debug dataplane packet-diag set capture stage transmit file tx.pcap
> debug dataplane packet-diag set capture stage receive file rx.pcap
> debug dataplane packet-diag set capture on
> debug dataplane packet-diag show setting


you can also see the capture information on GUI  Monitor PacketCapture 
Initiate the Test from source to destination traffic 

>view-pcap filter-pcap fw.pcap
 or you can download it from GUI  Monitor PacketCapture and open it with wireshark


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Global Protect Troubleshooting

Global Protect Components Certificate Management Connections Authentication Debugging https://www.youtube.com/watch?v=0Z48WHvyW0Q authentica...