Viewing ZBPF drops

Answered Question
Sep 24th, 2008

"show policy-map type inspect zone-pair sessions" does a great job of showing me currently active sessions in the inspection rules. What if I want to see what traffic is currently being dropped by the class-default drop? How could I view what traffic is being prevented by the ZBPF?


Class-map: class-default (match-any)
  Match: any
  Drop (default action)
    22386 packets, 1473397 bytes

Gerald Vogt Thu, 09/25/2008 - 04:19

At the end of your policy add:

class class-default
 drop log

Correct Answer
robertson.michael Thu, 09/25/2008 - 08:32

Hi Michael,


Another handy tool to use when troubleshooting ZBFW is the 'ip inspect log drop' command. When this is enabled, a syslog message will be generated for packets that are dropped due to a firewall rule. The syslogs are usually pretty good about specifying a reason why the traffic was dropped as well.


Hope that helps.


-Mike
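
Added example, not part of the original thread: once drop logging from either answer is enabled, the resulting syslog can be tallied to show which flows the class-default drop is blocking and why. The `%FW-6-DROP_PKT` message layout matched here is an assumption (wording varies by IOS release), and the log lines, zone-pair names and addresses are constructed.

```python
import re
from collections import Counter

# Assumed drop-message layout; exact wording varies by IOS release.
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) (?:session|pkt) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?: on zone-pair (?P<zone_pair>\S+) class (?P<cls>\S+))?"
    r"(?: due to\s+(?P<reason>.+?))?(?: with ip ident \d+)?\s*$"
)

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Sep 25 08:30:01.123: %FW-6-DROP_PKT: Dropping tcp session 10.1.1.20:51234 192.0.2.10:23 on zone-pair in-out class class-default due to  DROP action found in policy-map with ip ident 0
Sep 25 08:30:31.456: %FW-6-DROP_PKT: Dropping udp session 10.1.1.21:53000 192.0.2.53:161 on zone-pair in-out class class-default due to  DROP action found in policy-map with ip ident 0
Sep 25 08:31:02.789: %FW-6-DROP_PKT: Dropping tcp session 10.1.1.20:51240 192.0.2.10:23 on zone-pair in-out class class-default due to  DROP action found in policy-map with ip ident 0
Sep 25 08:31:05.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Sep 25 08:31:40.111: %FW-6-DROP_PKT: Dropping tcp session 198.51.100.7:40000 10.1.1.5:445 on zone-pair out-in class class-default due to  policy match failure with ip ident 0
"""

def parse_drops(lines):
    """Return one dict per drop message; non-firewall lines are skipped."""
    drops = []
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            drops.append(rec)
    return drops

def summarize(drops):
    """Count drops per flow (source port ignored, it is ephemeral) and per reason."""
    flows = Counter(
        (d["zone_pair"], d["proto"], d["src"], d["dst"], d["dport"]) for d in drops
    )
    reasons = Counter(d["reason"] for d in drops)
    return flows, reasons

if __name__ == "__main__":
    flows, reasons = summarize(parse_drops(SAMPLE_LOG.splitlines()))
    for (zp, proto, src, dst, dport), n in flows.most_common():
        print(f"{n:3d}  {zp:8s} {proto:4s} {src} -> {dst}:{dport}")
    for reason, n in reasons.most_common():
        print(f"{n:3d}  {reason}")
```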
