SonicWALL TZ 190 Manuale Utente
System > Packet Capture
120
SonicOS Enhanced 4.0 Administrator Guide
Even when interfaces specified in the capture filters do not match, this option ensures that
packets generated by the SonicWALL appliance are captured. This includes packets
generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, and routing protocols.
Captured packets are marked with ‘s’ in the incoming interface area when they are from the
system stack. Otherwise, the incoming interface is not specified.
packets generated by the SonicWALL appliance are captured. This includes packets
generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, and routing protocols.
Captured packets are marked with ‘s’ in the incoming interface area when they are from the
system stack. Otherwise, the incoming interface is not specified.
Step 5
To capture intermediate packets generated by the SonicWALL appliance, select the Capture
Intermediate Packets checkbox.
Intermediate Packets checkbox.
Intermediate packets include packets generated as a result of fragmentation or
reassembly, intermediate encrypted packets, IP helper generated packets, and replicated
multicast packets.
reassembly, intermediate encrypted packets, IP helper generated packets, and replicated
multicast packets.
Step 6
To exclude encrypted management or syslog traffic to or from GMS, select the Exclude
encrypted GMS traffic checkbox.
encrypted GMS traffic checkbox.
This setting only affects encrypted traffic within a configured primary or secondary GMS
tunnel. GMS management traffic is not excluded if it is sent via a separate tunnel.
tunnel. GMS management traffic is not excluded if it is sent via a separate tunnel.
Step 7
To exclude management traffic, select the Exclude Management Traffic checkbox and select
one or more checkboxes for HTTP/HTTPS, SNMP, or SSH. If management traffic is sent via a
tunnel, the packets are not excluded.
one or more checkboxes for HTTP/HTTPS, SNMP, or SSH. If management traffic is sent via a
tunnel, the packets are not excluded.
Step 8
To exclude syslog traffic to a server, select the Exclude Syslog Traffic to checkbox and select
one or more checkboxes for Syslog Servers or GMS Server. If syslog traffic is sent via a
tunnel, the packets are not excluded.
one or more checkboxes for Syslog Servers or GMS Server. If syslog traffic is sent via a
tunnel, the packets are not excluded.
Restarting FTP logging
If automatic FTP logging is off, either because of a failed connection or simply disabled, you
can restart it in Configure > Logging.
can restart it in Configure > Logging.
Step 1
Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on
page 108.
page 108.
Step 2
Under Packet Capture, click Configure.
Step 3
In the Packet Capture Configuration window, click the Logging tab.
Step 4
Verify that the settings are correct for each item on the page. See “Configuring Logging
Settings” on page 117.
Settings” on page 117.
Step 5
To change the FTP logging status on the main packet capture page to “active”, select the Log
To FTP Server Automatically checkbox.
To FTP Server Automatically checkbox.
Step 6
Click OK.
Verifying Packet Capture Activity
This section describes how to tell if your packet capture is working correctly according to the
configuration. It contains the following sections:
configuration. It contains the following sections:
•
•
Understanding Status Indicators
The main Packet Capture screen displays status indicators for packet capture and FTP logging.
The packet capture status indicator shows one of the following three conditions:
The packet capture status indicator shows one of the following three conditions: