Troubleshoot Microperimeter with Diagnostic Bundles
Orient yourself with diagnostic bundle commands.
| Where Can I Use This? | What Do I Need? |
|---|
|
|
- Private and public cloud platforms, including ESXi, KVM,
Nutanix, AWS, Azure, and GCP.
|
The Microperimeter (PAN Traffic Redirector) agent includes built-in diagnostic tools to
help you identify and resolve issues with traffic redirection, GENEVE tunnel
establishment, or security policy enforcement. Similar to a Technical Support File (TSF)
used in PAN-OSĀ®, the diagnostic bundle provides a point-in-time snapshot of the agent
status, host network configuration, and recent traffic patterns.
Generate a Diagnostic Bundle
You can generate a comprehensive diagnostic tarball to collect system logs and
network configuration data for troubleshooting.
- Run the diagnostic command - Open a terminal on your Linux
workload.
- Enter the following command to create a bundle (replace
diag.tar with your preferred filename):
panredirect diag --out diag.tar. The agent will collect
system metadata and save the output to a compressed tarball in your current
directory.
Diagnostic Bundle Contents
The diagnostic bundle contains several files that help you audit the host's
networking state and the agent's behavior. The following table describes the key
components:
| File Name | Description |
|---|
| fwdiag.pcap | A 10-second packet capture (tcpdump) on the interface with the
route to the firewall. |
| curl-test.out | Output of test curl commands to verify HTTP connectivity. |
| ping-test.out | Results of ICMP tests to verify basic L3 reachability. |
| ip-rules.out / ip-show-routes.out | Current IP routing rules and a dump of the routing table. |
| iptables-rules-t-filter.out | A dump of all active iptables filter rules. |
| sysctl-all.out | Output of all kernel parameters (sysctl
--all). |
| package-list.out | A list of all installed software packages on the
workload. |
