Next-Generation Firewall
Enable Threat Packet Capture
Table of Contents
Enable Threat Packet Capture
- Objects > Security Profiles
To enable the firewall to capture packets when it detects a threat,
enable the packet capture option in the security profile.
First select and then modify the desired profile
as described in the following table:
Packet Capture Options
in Security Profiles | Location |
|---|---|
Antivirus | Select a custom antivirus profile and, in
the Antivirus tab, select Packet
Capture. |
Anti-Spyware | Select a custom Anti-Spyware profile, click
the DNS Signatures tab and, in the Packet
Capture drop-down, select single-packet or extended-capture. |
Vulnerability Protection | Select a custom Vulnerability Protection
profile and, in the Rules tab, click Add to
add a new rule or select an existing rule. Then select the Packet Capture drop-down
and select single-packet or extended-capture. |
In Anti-Spyware and Vulnerability Protection profiles,
you can also enable packet capture on exceptions. Click the Exceptions tab
and in the Packet Capture column for a signature, click the drop-down
and select single-packet or extended-capture.
(Optional) To define the length of a threat packet capture
based on the number of packets captured (which is based on a global
setting), select and, in the Content-ID™
Settings section, modify the Extended Packet Capture
Length (packets) field (range is 1-50; default is 5).
After you enable packet capture on a security profile, you need
to verify that the profile is part of a security rule. For information
on how to add a security profile to a security rule, see Security
Policy Overview.
Each time the firewall detects a threat when packet capture is
enabled on the security profile, you can download (
![]()
) or export the packet capture.
