Palo Alto Networks Knowledgebase: Security Profile Packet Captures FAQs

Security Profile Packet Captures FAQs

Created On 02/08/19 00:00 AM - Last Updated 02/08/19 00:00 AM
Device Management Initial Configuration Installation QoS Zone and DoS Protection

For Antivirus, Anti-Spyware, and Vulnerability profiles that have packet capture enabled:

  • Does the capture use packet filters previously defined in the CLI or WebUI, or something else?

    Answer: No, it does not use previously defined packet filters.  The packet capture is particular to the traffic that matched the threat signature that triggered the capture.

  • For how long does the packet capture run?

    Answer: The device will only capture what matches the threat signature.  It will not capture the full session.

  • Does the packet capture need to be manually turned off?

    Answer: It does not need to be manually turned off.  It will end once the traffic that matches the threat signature has been captured.

owner: jdavis

  • Print
  • Copy Link

Choose Language