Friday, December 28, 2018

fw monitor debugging traffic


If SecureXL is on, turn SecureXL off first; otherwise accelerated packets bypass the firewall kernel and do not appear in fw monitor output.


#fwaccel off // to turn it off
#fwaccel stat // to check status


#fw monitor -e "accept host(srcIP) and host(dstIP);" -o filename.pcap

eg:
#fw monitor -e "accept host(17.16.202.89) and host(100.25.219.39) or host(100.25.219.39);" -o captures.pcap


#fwaccel on // to turn SecureXL back on when done



Run the captures below on both the internal and the external interface:
tcpdump -t -enni <interface_name> host Src.IP and host dst.IP
tcpdump -t -enni eth2-04 host + and host 208.94.8.8 -w filename1.pcap


fwaccel off

fw monitor -e "accept host(17.16.202.80);" -o filename.pcap



fw ctl zdebug drop | grep 17.16.202.80 // show kernel drop messages for that host

fw monitor -e "accept host(17.16.202.80);"

fw monitor -e "accept host(17.16.202.80);" -T // -T adds a timestamp to each line


[fw_0] 20Dec2018 10:35:28.713159 eth2-04:I[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713168 eth2-01:o[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713175 eth2-01:O[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.720730 eth2-01:i[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
[fw_0] 20Dec2018 10:35:28.720749 eth2-01:I[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]

I and i are for In (inbound side of the firewall)
O and o are for Out (outbound side of the firewall)

Upper case I is for after inspection
Lower case i is for before inspection
The same applies on the outbound side: o is before inspection, O is after inspection.
A packet that shows up at i and I but never at o or O was stopped by the firewall; use fw ctl zdebug drop (above) to see why.
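Added example (not from the original post): a small Python script that parses fw monitor -T lines of the layout shown above, groups them by flow and IP id, and reports the last inspection point (i, I, o, O) each packet reached. The sample lines are constructed in the same layout as the capture above; the reply packet with id=37057 deliberately has no o/O lines.

```python
import re
from collections import defaultdict

# Constructed fw monitor -T output in the same layout as the capture above.
SAMPLE = """\
[fw_0] 20Dec2018 10:35:28.713159 eth2-04:i[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713159 eth2-04:I[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713168 eth2-01:o[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.713175 eth2-01:O[200]: 17.16.202.80 -> 10.13.4.17 (UDP) len=200 id=2656 UDP: 24628 -> 9980 [vs_0]
[fw_0] 20Dec2018 10:35:28.720730 eth2-01:i[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
[fw_0] 20Dec2018 10:35:28.720749 eth2-01:I[200]: 10.25.220.68 -> 17.16.202.80 (UDP) len=200 id=37057 UDP: 21416 -> 21898 [vs_0]
"""

# interface:point[len]: src -> dst (proto) len=N id=N
LINE_RE = re.compile(
    r"(?P<iface>\S+):(?P<point>[iIoO])\[\d+\]:\s+"
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) \((?P<proto>\w+)\) len=\d+ id=(?P<id>\d+)"
)
ORDER = "iIoO"  # order in which a forwarded packet passes the inspection points

def parse(text):
    """Return {(src, dst, proto, id): [(point, iface), ...]} in capture order."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            key = (m["src"], m["dst"], m["proto"], m["id"])
            seen[key].append((m["point"], m["iface"]))
    return seen

def last_point(points):
    """Furthest inspection point reached, 'O' for a fully forwarded packet."""
    return max((p for p, _ in points), key=ORDER.index)

def report(text):
    """Map each packet to its last inspection point; anything short of 'O' never left the box."""
    return {k: last_point(v) for k, v in parse(text).items()}

if __name__ == "__main__":
    for key, point in report(SAMPLE).items():
        status = "forwarded" if point == "O" else "stopped after " + point
        print(f"{key[0]} -> {key[1]} {key[2]} id={key[3]}: {status}")
```

A packet reported as "stopped after I" may have been dropped by the rulebase, may be destined to the gateway itself, or the capture may simply have ended early; confirm with fw ctl zdebug drop before concluding it was dropped.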