Device Security
Enable Packet Capture Collection
Authorize packet capture on firewalls for use by the Device Security Research Team.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following subscriptions:
|
Enable on-demand packet capture (pcap) to help Palo Alto Networks significantly
improve the accuracy and completeness of device identification and
application recognition (App-ID) within your environment. When
active, pcap collection allows our Device Security Research Team to securely
perform targeted, temporary packet captures on your NGFW.
Analyzing PCAPs helps us develop more precise identification signatures,
providing enhanced security protections for you.
How Packet Capture Works & Security Controls
Our Device Security Research Team initiates packet captures using the same
secure, remote channel established for firewall support and debugging.
Packet captures don't impact firewall performance and don't grant any ability
to modify your security policy rules or controls. Packet capture collection
can’t be enabled in FedRAMP (moderate and high) environments or
tenants based in the China region.
We prioritize your data security and privacy. All pcap files are encrypted both
in transit and at rest. Furthermore, any personal information or
customer identifying information that might be inadvertently collected in the
packet capture will never leave your cloud region and will never be utilized
by our research team. All packet capture files are automatically deleted after
120 days. You can also disable pcap collection and request the deletion of
your data at any time by opening a support ticket.
For more information about the types of data that Device Security might
collect, see the IoT/OT Security Privacy Datasheet.
Enable On-Demand Packet Capture
For the Device Security Research Team to use pcap collection to collect
network traffic metadata, you must first authorize packet capturing for your
tenant, and then install the OpenConfig plugin on your firewalls.
Depending on the version of PAN-OS that your firewalls are
running, they might already have the OpenConfig plugin installed.
To support packet capture on firewalls, they must be running:
- PAN-OS 10.2.10 or later 10.2 releases
- PAN-OS 11.1.0 or later

- Log in to PAN-OS and install the OpenConfig plugin.
  - Select Device > Plugins and search for OpenConfig.
  - Download version 2.1.0 or later and then Install it.
- Log in to Device Security with a user account with the right privileges.
  - If you're using Device Security in Strata Cloud Manager, you need to have the superuser role.
  - If you're using the Device Security standalone portal, the user account needs administrator or owner privileges.
- Navigate to On-Demand PCAP.
  - Strata Cloud Manager: Select Administration > Privacy Sheet > PCAP Collection.
  - Device Security: Select Administration > About > Privacy Sheet > PCAP Collection.
- Select the toggle to authorize on-demand pcap for your tenant.
  If you want to deauthorize on-demand pcap, deselect the toggle.
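
A readiness check for the two prerequisites above (PAN-OS release and OpenConfig plugin version), as an added example that is not Palo Alto Networks code. It assumes a literal reading of the supported-release list, so 11.0.x and 10.1.x count as unsupported; the inventory is constructed and the hostnames and function names are hypothetical.

```python
import re

# Minimum plugin version taken from the page.
MIN_PLUGIN = (2, 1, 0)

def parse_version(text):
    """Parse 'major.minor.patch' with an optional PAN-OS hotfix suffix such as '-h3'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def panos_supported(version):
    """Assumption: literal reading of the page, 10.2.10+ within 10.2, or 11.1.0 and later."""
    v = parse_version(version)
    if v[:2] == (10, 2):
        return v >= (10, 2, 10)
    # Anything else must be 11.1.0 or newer; 10.1.x and 11.0.x fall through as unsupported.
    return v >= (11, 1, 0)

def pcap_blockers(panos, plugin):
    """Return the reasons a firewall is not ready; an empty list means ready."""
    reasons = []
    if not panos_supported(panos):
        reasons.append(f"PAN-OS {panos} is outside the supported releases")
    if plugin is None:
        reasons.append("OpenConfig plugin not installed")
    elif parse_version(plugin) < MIN_PLUGIN:
        reasons.append(f"OpenConfig plugin {plugin} is older than 2.1.0")
    return reasons

# Constructed inventory: (hostname, PAN-OS version, OpenConfig plugin version or None)
INVENTORY = [
    ("fw-hq-01", "10.2.10-h3", "2.1.0"),
    ("fw-hq-02", "10.2.9", "2.1.1"),
    ("fw-dc-01", "11.0.4", "2.1.0"),
    ("fw-dc-02", "11.1.2-h1", None),
    ("fw-br-01", "11.2.0", "2.0.2"),
]

def report(inventory):
    """Map each hostname to its list of blockers."""
    return {host: pcap_blockers(panos, plugin) for host, panos, plugin in inventory}

if __name__ == "__main__":
    for host, reasons in report(INVENTORY).items():
        print(host, "READY" if not reasons else "; ".join(reasons))
```

Running the check before you select the authorization toggle shows which firewalls still need a PAN-OS upgrade or a plugin install.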