Packet Capture Profiles

Packet capture profiles are configured and associated with a Multicloud Defense Gateway and enabled in policy rules, network threat profiles, and web protection profiles. When troubleshooting networks, you can look inside the packet headers to determine whether the packets, route, and destination are what you expect.

Note that this profile does not capture NetFlow data.

Packet Capture Formats

Consider the following format rules:

Policy Rule Capture - <bucketname>/<cspaccountname>/<gatewayname>/flow-packet-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<policyname>.pcap.gz
IPS Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/network-threats-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.pcap.gz
WAF Threat Capture - <bucketname>/<cspaccountname>/<gatewayname>/web-protection-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz
API Logging - <bucketname>/<cspaccountname>/<gatewayname>/api-logging-captures/<year>/<month>/<day>/<instanceid>_<timestamp>_<sessionid>.har.gz
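
The following parser is an added example, not part of the product or its documentation. It splits a capture path into the fields named in the format rules above and rejects paths whose directory and file extension do not match, which helps when sorting captures during triage. The names CapturePath and parse_capture_path and the sample path are hypothetical. It assumes that year, month, and day are numeric and that the instance ID and timestamp contain no underscore.

```python
from dataclasses import dataclass

# Directory name -> (capture type, expected extension, name of last filename field),
# taken from the four format rules on this page.
CAPTURE_DIRS = {
    "flow-packet-captures": ("Policy Rule Capture", ".pcap.gz", "policyname"),
    "network-threats-captures": ("IPS Threat Capture", ".pcap.gz", "sessionid"),
    "web-protection-captures": ("WAF Threat Capture", ".har.gz", "sessionid"),
    "api-logging-captures": ("API Logging", ".har.gz", "sessionid"),
}

@dataclass(frozen=True)
class CapturePath:
    capture_type: str
    bucket: str
    account: str
    gateway: str
    date: str        # year/month/day exactly as it appears in the path
    instance_id: str
    timestamp: str   # kept opaque; the page does not define its format
    tail_field: str  # "policyname" or "sessionid"
    tail_value: str

def parse_capture_path(path: str) -> CapturePath:
    """Parse one capture path; raise ValueError if it breaks the format rules."""
    parts = path.strip("/").split("/")
    if len(parts) != 8:
        raise ValueError(f"expected 8 path components, got {len(parts)}")
    bucket, account, gateway, directory, year, month, day, filename = parts
    if directory not in CAPTURE_DIRS:
        raise ValueError(f"unknown capture directory: {directory!r}")
    capture_type, ext, tail_field = CAPTURE_DIRS[directory]
    if not filename.endswith(ext):
        raise ValueError(f"{capture_type} files must end in {ext}")
    if not all(p.isdigit() for p in (year, month, day)):  # assumption: numeric date
        raise ValueError("year/month/day must be numeric")
    # Assumption: instanceid and timestamp contain no underscore, so only the
    # last field (policy name or session ID) may contain one.
    fields = filename[: -len(ext)].split("_", 2)
    if len(fields) != 3 or not all(fields):
        raise ValueError("filename must be <instanceid>_<timestamp>_<name>")
    return CapturePath(capture_type, bucket, account, gateway,
                       f"{year}/{month}/{day}", fields[0], fields[1],
                       tail_field, fields[2])

# Constructed sample path, not taken from a real deployment.
SAMPLE = ("my-bucket/acct-prod/gw-east/flow-packet-captures/2024/05/17/"
          "i-0abc_1715950000_allow_web_egress.pcap.gz")
```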