set ff src-ip <x.x.x.x> dst-ip <y.y.y.y>

set ff src-ip <y.y.y.y> dst-ip <x.x.x.x>

to unset the filters

unset ff ( repeat for the number of the filters you have )

Thnaks

But while the ping is working from ip1 to ip2    +  putting filter with only  src-ip  ip2   to dst-ip ip1  , i can see that the debug output is empty ?

I just want to make sure i'm getting the debug concept right  ,   if i'm suspecting that the ping reply is not received back  , what debug  filter will show me the reply only (  without showing me the requset ) ?

Did you do a "debug flow basic" to turn on flow debug?

-Mike

Yes ,

i just want to know the following :

when pinging from ip1 to  ip2  :

filter with src-ip ip1 & dst-ip ip2  will show both the request &  the reply ? 

Hi ...........

Hi,

Yes, you'll see both request and response, because you are debugging a FLOW, not separate packets (debug flow basic etc.).

I prefer simpler tools for simpler tasks. So, you can configure a temporary policy for such a test and enable both logging options - on session init and on session close. If you see "Close - AGE OUT" in the ping entries, then for sure  there was no response.

Kind regards

Edouard

Thanks Echidov

What if i want to cheack only the reply using debug , is that possible ?

Hi,

You can always filter the output using this command:

get db stream | include <string> 

<string> is a regular expression

You should play a little bit with the command to learn which <string> would be the best choice for you.

The debug output can also be sent to a tftp server using redirect > or saved to the usb stick for further use with a text editor.

Kind regards,

Edouard