PA Packet Capture & Config Audit

Monitor --> Packet Capture

Step 1: Create a Filter

Click Manage Filter & set source and destination.

Stage — Indicate the point at which to capture packets:

drop — When packet processing encounters an error and the packet is dropped.

firewall — When the packet has a session match or a first packet with a session is successfully created.

receive — When the packet is received on the data plane processor.

transmit — When the packet is transmitted on the data plane processor.

File - Specify the capture file name.

Packet Count — Specify the maximum number of packets, after which capturing stops.

Byte Count — Specify the maximum number of bytes, after which capturing stops.

Now ensure to put Filter "ON" else firewall will take capture on all interface of all traffic.

Now make "ON" packet capture.

Firewall will display this warning but if proper filtering is in place, then there won't be any impact.

Now click on refresh icon above Captured Files.

Config Audit

Select Device > Config Audit to see the differences between configuration files. The page displays the configurations side by side in separate panes and highlights the differences line by line using colors to indicate additions (green), modifications (yellow), & deletions (red)

Let's create two Addresses, one for Inside host and another for DMZ

From bottom drop down menu select two config which you would like to compare and hit "GO".

Configure PA with AD Server

Device --> Server Profile --> LDAP

LDAP or AD Server has to be connected to Authentication Profile.

Capitative Portal

Device --> User Identification

Management profile has to be applied to interfaces in Zone where we would like to enable UserID

Load Sharing: It's always 50%-50%

Load balancing: It's always in ratio say 3:1