New Member

Can you do a debug of TCP sessions in a FWSM?

Hello,

Is there any debug or show command to see when the TCP connections are opened or closed in an FWSM? I know that in the current versions of ASA you can do a "debug tcp" for this, but is there any command on the FWSM to do something like this?

Thanks in advance.

3 REPLIES
VIP Green


I think the command is:

debug packet proto tcp

Please be careful when using this command... It could cripple your ASA (depending on the amount of traffic passing through of course.)

http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/command/reference/df.pdf

--
Please remember to rate and select a correct answer
Cisco Employee


Hi Jeramel,

I'm not quite sure what you are looking for. Syslogs are your best bet for tracking when the FWSM creates and tears down a connection.

"show conn" will display the current connections passing through the FWSM, along with their state, and what inspections are applied to them.

"debug tcp" on the ASA is really showing some internal checks which the ASA is performing on the TCP packets. It should not be used on a loaded ASA, as it is very verbose.

What exactly are you looking to achieve?

Sincerely,


David.
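
The syslog approach suggested in the reply above, sketched as an added example that is not part of the original thread: it pairs connection build and teardown messages by connection ID. The message IDs 302013/302014 and the line layout are assumed to follow Cisco's Built/Teardown TCP connection syslog format; the sample lines, host name, addresses and the `track_connections` helper are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the Built/Teardown TCP connection
# syslog messages (IDs 302013/302014, assumed format); not from a real FWSM.
SAMPLE_LOG = """\
Mar 01 10:00:01 fwsm1 %FWSM-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/51515 (198.51.100.7/51515) to inside:192.0.2.10/443 (192.0.2.10/443)
Mar 01 10:00:02 fwsm1 %FWSM-6-302013: Built outbound TCP connection 1002 for inside:192.0.2.20/40000 (192.0.2.20/40000) to outside:203.0.113.5/80 (203.0.113.5/80)
Mar 01 10:00:31 fwsm1 %FWSM-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/51515 to inside:192.0.2.10/443 duration 0:00:30 bytes 4821 TCP FINs
Mar 01 10:00:40 fwsm1 %FWSM-6-302014: Teardown TCP connection 9999 for outside:198.51.100.9/1234 to inside:192.0.2.10/22 duration 0:00:05 bytes 0 SYN Timeout
"""

BUILT = re.compile(
    r"-6-302013: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<src>\S+) \(\S+\) to (?P<dst>\S+)")
TEARDOWN = re.compile(
    r"-6-302014: Teardown TCP connection (?P<id>\d+) for (?P<src>\S+) to (?P<dst>\S+) "
    r"duration (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) bytes (?P<bytes>\d+)(?: (?P<reason>.+))?")


def track_connections(text):
    """Pair Built/Teardown messages by connection ID (hypothetical helper).

    Returns (still_open, closed, orphans); orphans are teardowns whose Built
    message was never seen, e.g. logging started mid-connection or syslog loss.
    """
    still_open, closed, orphans = {}, [], []
    for line in text.splitlines():
        built = BUILT.search(line)
        if built:
            still_open[built["id"]] = built.groupdict()
            continue
        down = TEARDOWN.search(line)
        if not down:
            continue  # unrelated syslog message
        record = {
            "id": down["id"], "src": down["src"], "dst": down["dst"],
            "seconds": int(down["h"]) * 3600 + int(down["m"]) * 60 + int(down["s"]),
            "bytes": int(down["bytes"]),
            "reason": (down["reason"] or "").strip(),
        }
        start = still_open.pop(down["id"], None)
        if start:
            record["dir"] = start["dir"]
            closed.append(record)
        else:
            orphans.append(record)
    return still_open, closed, orphans


if __name__ == "__main__":
    for name, group in zip(("open", "closed", "orphans"), track_connections(SAMPLE_LOG)):
        print(name, group)
```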

New Member


Hello,

You can do this by matching the access-list:

debug access-list

Thanks
