To configure the firewall to take a packet
capture (pcap) when it detects a threat, enable packet capture on
Antivirus, Anti-Spyware, and Vulnerability Protection security profiles.
Enable the packet capture option in the security
Some security profiles allow you to define a single-packet
capture, or extended-capture. If you choose extended-capture, define
the capture length. This will allow the firewall to capture more
packets to provide additional context related to the threat.
If the action for a given threat is set to an action other than allow,
the firewall captures only the packet(s) that match the threat signature.
the packet capture option for the supported profiles as follows:
—Select a custom
antivirus profile and in the
—Select a custom Anti-Spyware
profile, click the
custom Vulnerability Protection profile and in the
to add a new rule, or select an
existing rule. Set
the profile has signature exceptions defined, click the
and in the
column for a signature,
If you selected extended-capture for
any of the profiles, define the extended packet capture length.
edit the Content-ID Settings.
Extended Packet Capture Length (packets):
the number of packets that the firewall will capture (range is 1-50;
default is 5).
Add the security profile (with packet capture enabled)
to a Security
and select a rule.
In the Profile Settings section, select a profile
that has packet capture enabled.
For example, click the
select a profile that has packet capture enabled.
View/export the packet capture from the Threat logs.
In the log entry that you are interested in, click
the green packet capture icon
in the second column. View the
packet capture directly or