Created On 02/07/19 23:51 PM - Last Updated 02/07/19 23:52 PM
In a multiple virtual system (multi-vsys) environment, when viewing a specific virtual system (example, vsys1) context on the Palo Alto Networks firewall, the packet capture option is not seen under the Monitor tab.
Another possible scenario is in an environment where multiple administrators (with role-based access), manage the firewall. If packet capture is "disabled" in an admin role's profile, the administrator associated with that profile will not be able to see packet capture option under the Monitor tab.
Notice how the option for Packet Capture is not available.
The packet capture option is visible only when the virtual system context is set to All, as shown below:
Packet Capture option is available under All vsys.
The packet capture feature is not available on an individual virtual system (vsys) basis. It is available as a common global tool for all virtual systems, irrespective of the number of vsys configured on the Palo Alto Networks firewall.
In a scenario where packet capture is disabled in an admin role profile, the administrator to which the profile is associated, will not be able to see packet capture option under the Monitor tab.
As an example, consider an admin role profile with packet capture option disabled as shown below:
You also need to enable Privacy option which contains the "view PCAP files" option. This can be found under the Privacy section,there is an option that specifies "view pcap files". These two are correlated, both need to be selected to work.
View PCAP Files option under Privacy.
The admin role profile is associated with an administrator account:
In this case, the admin role profile "test-role" is associated with administrator account "testadmin". If testadmin successfully logs into the Palo Alto Networks device and navigates to Monitor tab, they will not be able to see the packet capture option.