Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:troubleshooting:flow_basic [2021/10/21 12:45] – created bstafford
+++ paloaltonetworks:troubleshooting:flow_basic [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 4: / Line 4: @@
 Filters:
-  * Source=Client IP - Destination=Server IP
+  - Source=Client IP - Destination=Server IP
-  * Source=Server IP - Destination= Client IP
+  - Source=Server IP - Destination= Client IP
-  * Source=NAT IP - Destination=Server IP
+  - Source=NAT IP - Destination=Server IP
-  * Source=Server IP - Destination=NAT IP
+  - Source=Server IP - Destination=NAT IP
@@ Line 21: / Line 21: @@
 We would then need to run through the following:
-  # Set filters and take a screenshot of these, turn filters on.
+  - Set filters and take a screenshot of these, turn filters on.
-  # Set the four stages of the packet captures but do not turn these on yet.
+  - Set the four stages of the packet captures but do not turn these on yet.
-  # Run following commands on CLI:
+  - Run following commands on CLI:
-> show clock
+<code>> show clock
 > set session offload no
 > debug dataplane packet-diag clear log log
@@ Line 32: / Line 32: @@
 > debug dataplane packet-diag set log feature proxy basic
 > debug dataplane packet-diag set log feature ssl basic
-> debug dataplane packet-diag set log on
+> debug dataplane packet-diag set log on</code>
 . Prepare the following commands to run while replicating issue.
-> show counter global filter packet-filter yes delta yes
+<code>> show counter global filter packet-filter yes delta yes
-> show session all filter source  source 10.102.240.15 destination 10.116.145.14
+> show session all filter source  source 10.1.1.1destination 10.2.2.2
-> show session id [id of impacted ssl session]
+> show session id [id of impacted ssl session]</code>
 . Turn packet captures on (for firewall and client/server) and replicate the issue while running both commands (step 4) every 10 seconds. This should be done for no more than a minute at most.
 . Disable session offloading and flow, and aggregate logs:
-> debug dataplane packet-diag set log off
+<code>> debug dataplane packet-diag set log off
 > set session offload yes
-> debug dataplane packet-diag aggregate-logs
+> debug dataplane packet-diag aggregate-logs</code>
 (this is important as without this the TSF will not contain the pan_packet_diag.log)
 . Turn off packet captures and generate a fresh Tech Support File.
 Apply a source address filter to the traffic log and a time filter for just before the test session. Export these via the button at the top right. Please also gather a screenshot of a couple of the detail log views for the denied traffic.
-Please then collect the following information and upload this to our SFTP server:
--Fresh Tech Support File
+Collect the following information and upload this to the SFTP server:
--Packet Captures
--CLI session output
+  - Fresh Tech Support File
--Traffic Log and screenshots
+  - Packet Captures
--Screenshot of filters
+  - CLI session output
+  - Traffic Log and screenshots
+  - Screenshot of filters