Enable Threat Packet Capture

  • Objects > Security Profiles
To enable the firewall to capture packets when it detects a threat, enable the packet capture option in the security profile.
First select ObjectsSecurity Profiles and then modify the desired profile as described in the following table:
Packet Capture Options in Security Profiles
Select a custom antivirus profile and, in the Antivirus tab, select Packet Capture.
Select a custom Anti-Spyware profile, click the DNS Signatures tab and, in the Packet Capture drop-down, select single-packet or extended-capture.
Vulnerability Protection
Select a custom Vulnerability Protection profile and, in the Rules tab, click Add to add a new rule or select an existing rule. Then select the Packet Capture drop-down and select single-packet or extended-capture.
In Anti-Spyware and Vulnerability Protection profiles, you can also enable packet capture on exceptions. Click the Exceptions tab and in the Packet Capture column for a signature, click the drop-down and select single-packet or extended-capture.
(Optional) To define the length of a threat packet capture based on the number of packets captured (which is based on a global setting), select DeviceSetupContent-ID and, in the Content-ID™ Settings section, modify the Extended Packet Capture Length (packets) field (range is 1-50; default is 5).
After you enable packet capture on a security profile, you need to verify that the profile is part of a security rule. For information on how to add a security profile to a security rule, see Security Policy Overview.
Each time the firewall detects a threat when packet capture is enabled on the security profile, you can download ( packet_capture_icon.png ) or export the packet capture.

Related Documentation