Metadata, or header information of the dropped packet in Cisco WSA

mehedimec · ‎04-16-2019

Hi Everyone,

I would like to know is there any scope to view and export the header or metadata information of the dropped/blocked packet in Cisco Web Security Appliance(WSA)?

If not, then how much information can I get about the dropped/blocked packets from WSA?

Thanks.

balaji.bandi · ‎04-27-2019

Can explain more what kind of header or metadata you are looking.

you can capture the data PCAP file and export to wireshark for analyses (is this you looking ? if not suggest elaborate more)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mehedimec · ‎04-28-2019

Thanks for your reply. Actually I would like to see only the dropped/blocked packets header information specially source and destination address, port, protocol type, timestamp. Please suggest any alternate way (if possible) to get those information without capturing packet inside WSA.

Another thing is if i run a packet capture in WSA for a 2-3 GBps inbound traffic network, is there any performance related issue for WSA's normal function?

Moreover what type of and how much information will I get from log files about the dropped/blocked packets?

balaji.bandi · ‎04-28-2019

WSA is meant to be Web Filtering Device, this is not a FW.

So you can download the ACCESS Loga and see what is denied because of rules ( samething can be viewed from console with grep options).

WSA also have TAP option if you like to span traffic.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help