Viewing ZBPF drops

mmedwid
Level 3

"show policy-map type inspect zone-pair sessions" does a great job of showing me currently active sessions in the inspection rules. What if I want to see what traffic is currently being dropped by the class default drop? How could I view what traffic is being prevented by the ZBPF?

    Class-map: class-default (match-any)
      Match: any
      Drop (default action)
        22386 packets, 1473397 bytes

Accepted Solutions

Hi Michael,

Another handy tool to use when troubleshooting ZBFW is the 'ip inspect log drop' command. When this is enabled, a syslog message will be generated for packets that are dropped due to a firewall rule. The syslogs are usually pretty good about specifying a reason why the traffic was dropped as well.

Hope that helps.

-Mike
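
Once drop logging is on, the syslog lines can be grouped to show which flows the class-default drop is catching. The sketch below is an added example, not part of the original thread or Cisco code; it assumes the classic IOS `%FW-6-DROP_PKT` message wording (other releases format it differently), and the sample lines, addresses and zone-pair name are constructed.

```python
import re
from collections import Counter

# Assumed classic IOS wording of a zone-based firewall drop message. Releases
# differ, so DROP_PKT lines that do not match are counted, not discarded.
DROP_RE = re.compile(
    r"%FW-6-DROP_PKT: Dropping (?P<proto>\S+) session "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"on zone-pair (?P<zp>\S+) class (?P<cls>\S+) "
    r"due to\s+(?P<reason>.+?) with ip ident \d+"
)

# Constructed sample input: documentation addresses, hypothetical zone-pair name.
SAMPLE_LOG = """\
*Mar  3 10:15:01.112: %FW-6-DROP_PKT: Dropping tcp session 192.0.2.10:51514 198.51.100.7:23 on zone-pair IN-OUT class class-default due to DROP action found in policy-map with ip ident 0
*Mar  3 10:15:31.498: %FW-6-DROP_PKT: Dropping tcp session 192.0.2.10:51520 198.51.100.7:23 on zone-pair IN-OUT class class-default due to DROP action found in policy-map with ip ident 0
*Mar  3 10:16:02.007: %FW-6-DROP_PKT: Dropping udp session 192.0.2.44:5353 203.0.113.9:161 on zone-pair IN-OUT class class-default due to DROP action found in policy-map with ip ident 0
*Mar  3 10:16:40.250: %SYS-5-CONFIG_I: Configured from console by admin on vty0
*Mar  3 10:17:05.731: %FW-6-DROP_PKT: Dropping tcp pkt 192.0.2.10:40000 => 198.51.100.7:445 (layout not covered by DROP_RE)
"""


def summarize_drops(text):
    """Return (Counter of dropped flows, count of unparsed DROP_PKT lines)."""
    flows = Counter()
    unparsed = 0
    for line in text.splitlines():
        if "%FW-6-DROP_PKT" not in line:
            continue  # unrelated syslog message
        m = DROP_RE.search(line)
        if m is None:
            unparsed += 1
            continue
        # The source port is ephemeral, so it is left out of the grouping key.
        flows[(m["zp"], m["cls"], m["proto"].lower(), m["src"], m["dst"],
               int(m["dport"]), m["reason"].strip())] += 1
    return flows, unparsed


if __name__ == "__main__":
    flows, unparsed = summarize_drops(SAMPLE_LOG)
    for (zp, cls, proto, src, dst, dport, reason), n in flows.most_common():
        print(f"{n:>4}  {zp}/{cls}  {proto} {src} -> {dst}:{dport}  ({reason})")
    print(f"unparsed DROP_PKT lines: {unparsed}")
```

The counts are log lines, not packets, so compare them against the packet counter in the class-default output rather than treating them as totals.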


2 Replies

Gerald Vogt
Level 3

At the end of your policy add:

    class class-default
     drop log
