05-05-2010 04:17 AM
If I have pc1 in the trust zone with IP 10.10.10.2 and pc2 in the untrust zone with IP 10.20.20.2.
Now, I run a ping from pc1 to pc2 and I need to see the traffic flow using debug.
If I put an ffilter with src-ip pc1 & dst-ip pc2, will I be able to see both the ICMP request & ICMP reply? Or do I need to put a filter in the reverse direction (src-ip pc2 & dst-ip pc1) to see the reply?
05-05-2010 12:11 PM
But while the ping is working from ip1 to ip2, and with a filter set with only src-ip ip2 to dst-ip ip1, I can see that the debug output is empty?
I just want to make sure I'm getting the debug concept right. If I suspect that the ping reply is not received back, what debug filter will show me the reply only (without showing me the request)?
05-21-2010 02:23 AM
Yes, you'll see both request and response, because you are debugging a FLOW, not separate packets (debug flow basic etc.).
I prefer simpler tools for simpler tasks. So, you can configure a temporary policy for such a test and enable both logging options - on session init and on session close. If you see "Close - AGE OUT" in the ping entries, then for sure there was no response.
05-25-2010 12:54 AM
You can always filter the output using this command:
get db stream | include <string>
<string> is a regular expression
You should play a little bit with the command to learn which <string> would be the best choice for you.
The debug output can also be sent to a TFTP server using redirect > or saved to the USB stick for further use with a text editor.