Palo Alto Networks Knowledgebase: Packet Capture Option Missing Under Monitor Tab

Packet Capture Option Missing Under Monitor Tab

3541
Created On 02/07/19 23:51 PM - Last Updated 02/07/19 23:52 PM
Resolution

Symptom

In a multiple virtual system (multi-vsys) environment, when viewing a specific virtual system (example, vsys1) context on the Palo Alto Networks firewall, the packet capture option is not seen under the Monitor tab.

 

Another possible scenario is in an environment where multiple administrators (with role-based access), manage the firewall. If packet capture is "disabled" in an admin role's profile, the administrator associated with that profile will not be able to see packet capture option under the Monitor tab.

packet capture 1.pngNotice how the option for Packet Capture is not available.

Cause

The packet capture option is visible only when the virtual system context is set to All, as shown below:

packet capture 2.pngPacket Capture option is available under All vsys.

The packet capture feature is not available on an individual virtual system (vsys) basis. It is available as a common global tool for all virtual systems, irrespective of the number of vsys configured on the Palo Alto Networks firewall.

 

In a scenario where packet capture is disabled in an admin role profile, the administrator to which the profile is associated, will not be able to see packet capture option under the Monitor tab.

As an example, consider an admin role profile with packet capture option disabled as shown below:

packet capture 3.png

 

You also need to enable Privacy option which contains the "view PCAP files" option. This can be found under the Privacy section,there is an option that specifies "view pcap files". These two are correlated, both need to be selected to work.

packet capture 5.pngView PCAP Files option under Privacy.

 

The admin role profile is associated with an administrator account:

packet capture 4.png

 

In this case, the admin role profile "test-role" is associated with administrator account "testadmin". If testadmin successfully logs into the Palo Alto Networks device and navigates to Monitor tab, they will not be able to see the packet capture option.

 

owner: tshivkumar

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQpCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language