How the #$^&$# did that packet go there? Diagnosis of flow on FTD and FMC.

itsupport
Level 1

Hi.

I have an ASA 5508-X, running FTD being controlled by a vFMC. Both are using 6.2.0.2 of their respective software. I am having trouble diagnosing some flaws in my routing, NAT and rules logic.

How, with this setup, can I trace the path of a packet and see how it routes, when it NATs, and what rule allows or blocks it? Happy to use either the GUI on the FMC, or drop to an SSH connection into the FTD.

Accepted Solutions

Oliver Kaiser
Level 7

You can use packet-tracer (either using the CLI or the FMC UI) for packet flow analysis. packet-tracer will simulate a connection and tell you what is being done by which component (if you have any layer 7 stuff, keep in mind that you might only see that the packet is being forwarded to Snort for analysis).

Using FMC you can use the troubleshooting button in the device view and go to Advanced Troubleshooting to find the packet-tracer. Or just log in to your FTD device using SSH and use the packet-tracer command.

In case you want to see how a live flow is being handled by Snort (the layer 7 engine) you can use several debug commands on the CLI or do a packet capture with trace (also possible in the FMC UI in the Advanced Troubleshooting section).

Debugs include:

system support firewall-engine-debug -> debug ips/amp/url filtering

system support application-engine-debug -> debug application detection

There are other debugs as well but this should give you a good overview of the important tools available for troubleshooting.

If you have any question let me know.

regards

Oliver
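As an added example (not part of the original thread, and not Cisco's code), here is a small parser for the output that `packet-tracer` and `show capture <name> trace` print on FTD/ASA. It pulls out the three things the question asks for: which phase dropped the packet and under which drop-reason, the access-list `rule-id` that matched (which you can map back to the FMC rule name with `show access-list`, whose remark lines carry the rule-id and rule name), the NAT translation applied, and the route lookup result. The two sample outputs are constructed for the example in the real phase/Result format; the interface names, addresses, NAT statement and rule-ids are assumptions.

```python
"""Summarize FTD/ASA packet-tracer output: drop phase, matched rule-id, NAT, route.

Commands whose output this parser consumes (run on the FTD CLI):
    > packet-tracer input inside tcp 10.1.1.10 12345 198.51.100.20 443 detailed
    > capture CAPI interface inside trace match tcp host 10.1.1.10 host 198.51.100.20 eq 443
    > show capture CAPI trace
"""
import re
from dataclasses import dataclass


@dataclass
class Phase:
    number: int
    type: str
    subtype: str
    result: str       # ALLOW or DROP
    config: list      # lines between "Config:" and "Additional Information:"
    info: list        # lines after "Additional Information:"


def parse_packet_tracer(text):
    """Return (phases, final) where final is the trailing 'Result:' block as a dict."""
    phases, final = [], {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if lines[0].startswith("Phase:"):
            head, sections, current = {}, {"Config": [], "Additional Information": []}, None
            for line in lines:
                if line in ("Config:", "Additional Information:"):
                    current = line[:-1]          # switch section, drop the colon
                elif current is None:
                    key, _, value = line.partition(":")
                    head[key.strip()] = value.strip()
                else:
                    sections[current].append(line)
            phases.append(Phase(int(head["Phase"]), head.get("Type", ""), head.get("Subtype", ""),
                                head.get("Result", ""), sections["Config"], sections["Additional Information"]))
        elif lines[0] == "Result:":
            for line in lines[1:]:
                key, _, value = line.partition(":")
                final[key.strip()] = value.strip()
    return phases, final


def summarize(text):
    """Answer 'where did my packet go?' from one packet-tracer run."""
    phases, final = parse_packet_tracer(text)
    dropping = next((p for p in phases if p.result == "DROP"), None)   # first DROP ends the trace
    rule_ids = sorted({int(m) for p in phases for line in p.config
                       for m in re.findall(r"rule-id (\d+)", line)})
    return {
        "action": final.get("Action"),
        "egress": final.get("output-interface"),
        "drop_reason": final.get("Drop-reason"),
        "dropped_in_phase": dropping.number if dropping else None,
        "dropped_by": f"{dropping.type}/{dropping.subtype}" if dropping else None,
        "rule_ids": rule_ids,
        "nat": [line for p in phases if p.type in ("NAT", "UN-NAT") for line in p.info],
        "route": [line for p in phases if p.type == "ROUTE-LOOKUP" for line in p.info],
    }


# Constructed sample: permitted by rule-id 268434433, dynamic PAT to the outside interface.
SAMPLE_ALLOW = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 203.0.113.1 using egress ifc outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group CSM_FW_ACL_ global
access-list CSM_FW_ACL_ advanced permit tcp 10.1.1.0 255.255.255.0 any eq 443 rule-id 268434433
Additional Information:

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) source dynamic any interface
Additional Information:
Dynamic translate 10.1.1.10/12345 to 203.0.113.5/12345

Result:
input-interface: inside
output-interface: outside
Action: allow
"""

# Constructed sample: denied by the implicit deny rule-id 268434432 (assumed id).
SAMPLE_DROP = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 203.0.113.1 using egress ifc outside

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group CSM_FW_ACL_ global
access-list CSM_FW_ACL_ advanced deny ip any any rule-id 268434432 event-log flow-start
Additional Information:

Result:
input-interface: inside
output-interface: outside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

if __name__ == "__main__":
    for sample in (SAMPLE_ALLOW, SAMPLE_DROP):
        print(summarize(sample))
```

The `rule_ids` list is the bridge between the data plane and the FMC policy: look the id up in `show access-list` (or in the rule's comment in the FMC access control policy) to see which FMC rule actually matched. Note that a `packet-tracer` ALLOW only means the LINA side let the packet through; if the matching rule sends traffic to Snort for inspection, the final verdict is made there, which is why the answer above points to `firewall-engine-debug` for the layer 7 part.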
