Enable Threat Packet Capture
- Objects > Security Profiles
To enable the firewall to capture packets when it detects a threat, enable the packet capture option in the security profile.
First select Objects > Security Profiles and then modify the desired profile as described in the following table:
Packet Capture Options in Security Profiles
- Antivirus: Select a custom antivirus profile and, in the Antivirus tab, select Packet Capture.
- Anti-Spyware: Select a custom Anti-Spyware profile, click the DNS Signatures tab and, in the Packet Capture drop-down, select single-packet or extended-capture.
- Vulnerability Protection: Select a custom Vulnerability Protection profile and, in the Rules tab, click Add to add a new rule or select an existing rule. Then select the Packet Capture drop-down and select single-packet or extended-capture.
In Anti-Spyware and Vulnerability Protection profiles, you can also enable packet capture on exceptions. Click the Exceptions tab and in the Packet Capture column for a signature, click the drop-down and select single-packet or extended-capture.
(Optional) To define the length of a threat packet capture based on the number of packets captured (which is based on a global setting), select Device > Setup > Content-ID and, in the Content-ID™ Settings section, modify the Extended Packet Capture Length (packets) field (range is 1-50; default is 5).
After you enable packet capture on a security profile, you need to verify that the profile is part of a security rule. For information on how to add a security profile to a security rule, see Security Policy Overview.
Each time the firewall detects a threat when packet capture is enabled on the security profile, you can download or export the packet capture.
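The check that a capture-enabled profile is actually part of a security rule can be scripted against an exported configuration. The following is an added example, not code from the original page or from the vendor: the XML element layout, the profile and rule names, and the sample itself are constructed assumptions, and it covers only Vulnerability Protection profiles attached directly to a rule (not through a profile group).

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are an assumed layout for an exported
# firewall configuration; compare against your own export before relying on it.
SAMPLE_CONFIG = """
<vsys>
  <profiles><vulnerability>
    <entry name="vp-strict"><rules>
      <entry name="crit"><packet-capture>extended-capture</packet-capture></entry>
    </rules></entry>
    <entry name="vp-orphan"><threat-exception>
      <entry name="sig-placeholder"><packet-capture>single-packet</packet-capture></entry>
    </threat-exception></entry>
    <entry name="vp-nocap"><rules>
      <entry name="all"><packet-capture>disable</packet-capture></entry>
    </rules></entry>
  </vulnerability></profiles>
  <rulebase><security><rules>
    <entry name="allow-web"><profile-setting><profiles>
      <vulnerability><member>vp-strict</member></vulnerability>
    </profiles></profile-setting></entry>
    <entry name="allow-dns"><profile-setting><profiles>
      <vulnerability><member>vp-nocap</member></vulnerability>
    </profiles></profile-setting></entry>
  </rules></security></rulebase>
</vsys>
"""

CAPTURE_ON = {"single-packet", "extended-capture"}  # values named on this page

def audit_capture_profiles(xml_text):
    """Map each capture-enabled profile to the security rules that reference it."""
    root = ET.fromstring(xml_text)
    usage = {}
    for prof in root.findall("./profiles/vulnerability/entry"):
        # iter() covers both rule-level and exception-level capture settings
        if {e.text for e in prof.iter("packet-capture")} & CAPTURE_ON:
            usage[prof.get("name")] = []
    for rule in root.findall("./rulebase/security/rules/entry"):
        for m in rule.findall("./profile-setting/profiles/vulnerability/member"):
            if m.text in usage:
                usage[m.text].append(rule.get("name"))
    return usage

def unattached(usage):
    """Profiles that enable capture but sit in no security rule."""
    return sorted(name for name, rules in usage.items() if not rules)

if __name__ == "__main__":
    print(unattached(audit_capture_profiles(SAMPLE_CONFIG)))
```

A profile reported by `unattached` has packet capture configured but will never produce a capture until it is added to a security rule.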