Saucepan

User Tools

Site Tools

Trace: cli_tools logging fibre_cable_global_map ntpd wildfire dns_servers bind_configure_guide
paloaltonetworks:troubleshooting:flow_basic

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:troubleshooting:flow_basic [2021/10/21 12:45] bstaffordpaloaltonetworks:troubleshooting:flow_basic [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 4: Line 4:
  
 Filters: Filters:
-  Source=Client IP - Destination=Server IP +  Source=Client IP - Destination=Server IP 
-  Source=Server IP - Destination= Client IP +  Source=Server IP - Destination= Client IP 
-  Source=NAT IP - Destination=Server IP +  Source=NAT IP - Destination=Server IP 
-  Source=Server IP - Destination=NAT IP+  Source=Server IP - Destination=NAT IP
  
  
Line 25: Line 25:
   - Run following commands on CLI:   - Run following commands on CLI:
  
-> show clock+<code>> show clock
 > set session offload no > set session offload no
 > debug dataplane packet-diag clear log log > debug dataplane packet-diag clear log log
Line 32: Line 32:
 > debug dataplane packet-diag set log feature proxy basic > debug dataplane packet-diag set log feature proxy basic
 > debug dataplane packet-diag set log feature ssl basic > debug dataplane packet-diag set log feature ssl basic
-> debug dataplane packet-diag set log on+> debug dataplane packet-diag set log on</code>
  
 4. Prepare the following commands to run while replicating issue. 4. Prepare the following commands to run while replicating issue.
  
-> show counter global filter packet-filter yes delta yes +<code>> show counter global filter packet-filter yes delta yes 
-> show session all filter source  source 10.102.240.15 destination 10.116.145.14 +> show session all filter source  source 10.1.1.1destination 10.2.2.2 
-> show session id [id of impacted ssl session]+> show session id [id of impacted ssl session]</code> 
  
 5. Turn packet captures on (for firewall and client/server) and replicate the issue while running both commands (step 4) every 10 seconds. This should be done for no more than a minute at most. 5. Turn packet captures on (for firewall and client/server) and replicate the issue while running both commands (step 4) every 10 seconds. This should be done for no more than a minute at most.
 +
  
 6. Disable session offloading and flow, and aggregate logs: 6. Disable session offloading and flow, and aggregate logs:
  
-> debug dataplane packet-diag set log off+ 
 +<code>> debug dataplane packet-diag set log off
 > set session offload yes > set session offload yes
-> debug dataplane packet-diag aggregate-logs+> debug dataplane packet-diag aggregate-logs</code>
  
 (this is important as without this the TSF will not contain the pan_packet_diag.log) (this is important as without this the TSF will not contain the pan_packet_diag.log)
  
 7. Turn off packet captures and generate a fresh Tech Support File. 7. Turn off packet captures and generate a fresh Tech Support File.
 +
  
 Apply a source address filter to the traffic log and a time filter for just before the test session. Export these via the button at the top right. Please also gather a screenshot of a couple of the detail log views for the denied traffic. Apply a source address filter to the traffic log and a time filter for just before the test session. Export these via the button at the top right. Please also gather a screenshot of a couple of the detail log views for the denied traffic.
  
-Please then collect the following information and upload this to our SFTP server: 
  
--Fresh Tech Support File +Collect the following information and upload this to the SFTP server: 
--Packet Captures + 
--CLI session output +  - Fresh Tech Support File 
--Traffic Log and screenshots +  - Packet Captures 
--Screenshot of filters+  - CLI session output 
 +  - Traffic Log and screenshots 
 +  - Screenshot of filters
  
  
paloaltonetworks/troubleshooting/flow_basic.1634820313.txt.gz · Last modified: (external edit)