Wednesday, April 02, 2008

Q: How do I monitor firewall activity on the firewall itself?

A:

Use the fw monitor tool at the Nokia command line. Here are some examples:

fw monitor -e 'accept src=192.168.152.121 or dst=102.168.152.121;' -o filename

fw ctl zdebug + drop > filename2

Make sure to open multiple command line sessions to the firewall/s to run both the fw monitor and fw ctl zdebug commands at the same time. Also, the fw log export must be taken at the same time.