Details
By default the firewall takes captures of traffic considered "unknown" or "insufficient data".
Run the following CLI command to determine if the automatic capture is on:
> show running application setting
Application setting:
Application cache : yes
Supernode : yes
Heuristics : yes
Cache Threshold : 16
Bypass when exceeds queue limit: yes
Use cache for appid : no
Unknown capture : on
Max. unknown sessions : 5000
Current unknown sessions : 12
Application capture : off
Current APPID Signature
Signature Usage : 27 MB (Max. 32 MB)
TCP 1 C2S : 8771 states, in offloader
TCP 1 S2C : 4130 states, in offloader
TCP 2 C2S : 15711 states, in offloader
TCP 2 S2C : 5005 states, in offloader
UDP 1 C2S : 5893 states, in offloader
UDP 1 S2C : 2151 states, in offloader
UDP 2 C2S : 9906 states, in offloader
UDP 2 S2C : 2182 states, in offloader
To turn off automatic capture until the next reboot, run the following command:
> set application dump-unknown no
Note: This setting will reset when the device is rebooted.
To make the settings persist through a reboot, use the following commands:
> configure
# set deviceconfig setting application dump-unknown off
# commit
onwer: jseals