Viewing ZBPF drops

Answered Question
Sep 24th, 2008

"show policy-map type inspect zone-pair sessions" ..does a great job of showing me currently active sessions in the inspection rules. What if I want to see what traffic is currently being dropped by the class default drop? How could I view what traffic is being prevented by the ZBPF?

Class-map: class-default (match-any)

Match: any

Drop (default action)

22386 packets, 1473397 bytes

I have this problem too.
0 votes
Correct Answer by robertson.michael about 8 years 2 months ago

Hi Michael,

Another handy tool to use when troubleshooting ZBFW is the 'ip inspect log drop' command. When this is enabled, a syslog message will be generated for packets that are dropped due to a firewall rule. The syslogs are usually pretty good about specifying a reason why the traffic was dropped as well.

Hope that helps.

-Mike

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
robertson.michael Thu, 09/25/2008 - 08:32

Hi Michael,

Another handy tool to use when troubleshooting ZBFW is the 'ip inspect log drop' command. When this is enabled, a syslog message will be generated for packets that are dropped due to a firewall rule. The syslogs are usually pretty good about specifying a reason why the traffic was dropped as well.

Hope that helps.

-Mike

Actions

This Discussion