09-24-2008 04:33 PM - edited 03-11-2019 06:49 AM
"show policy-map type inspect zone-pair sessions" does a great job of showing me currently active sessions in the inspection rules. What if I want to see what traffic is currently being dropped by the class default drop? How could I view what traffic is being prevented by the ZBPF?
Class-map: class-default (match-any)
Match: any
Drop (default action)
22386 packets, 1473397 bytes
09-25-2008 08:32 AM
Hi Michael,
Another handy tool to use when troubleshooting ZBFW is the 'ip inspect log drop' command. When this is enabled, a syslog message will be generated for packets that are dropped due to a firewall rule. The syslogs are usually pretty good about specifying a reason why the traffic was dropped as well.
Hope that helps.
-Mike
09-25-2008 04:19 AM
At the end of your policy add
class class-default
drop log