Take a Custom Application Packet Capture
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Take a Custom Application Packet Capture
You can configure a Palo Alto Networks firewall
to take a packet capture based on an application name and filters
that you define. You can then use the packet capture to troubleshoot
issues with controlling an application. When configuring an application
packet capture, you must use the application name defined in the
App-ID database. You can view a list of all App-ID applications
using Applipedia or from the web interface
on the firewall in ObjectsApplications.
- Using a terminal emulation application, such as PuTTY, launch an SSH session to the firewall.Turn on the application packet capture and define filters.
admin@PA-220>set application dump on application <application-name> rule <rule-name>
For example, to capture packets for the linkedin-base application that matches the security rule named Social Networking Apps, run the following CLI command:admin@PA-220>set application dump on application linkedin-base rule "Social Networking Apps"
You can also apply other filters, such as source IP address and destination IP address.View the packet capture output to ensure that the correct filters are applied. The output displays after you enable the packet capture.The following output confirms that application capture filtering is now based on the linkedin-base application for traffic that matches the Social Networking Apps rule.Access linkedin.com from a web browser and perform some LinkedIn tasks to generate LinkedIn traffic, and then run the following CLI command to turn off application packet capture:admin@PA-220>set application dump off
View/export the packet capture.- Log in to the web interface on the firewall and select MonitorLogsTraffic.In the log entry that you are interested in, click the green packet capture iconView the packet capture directly or Export it to your computer. The following screen capture shows the linkedin-base packet capture.