Palo Alto Networks Knowledgebase: Security Profile Packet Captures FAQs

Security Profile Packet Captures FAQs

1091
Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

For Antivirus, Anti-Spyware, and Vulnerability profiles that have packet capture enabled:

  • Does the capture use packet filters previously defined in the CLI or WebUI, or something else?

    Answer: No, it does not use previously defined packet filters.  The packet capture is particular to the traffic that matched the threat signature that triggered the capture.

  • For how long does the packet capture run?

    Answer: The device will only capture what matches the threat signature.  It will not capture the full session.

  • Does the packet capture need to be manually turned off?

    Answer: It does not need to be manually turned off.  It will end once the traffic that matches the threat signature has been captured.

owner: jdavis



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClYyCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language