How to perform firewall flow filter debugging
From Tech-Wiki
The debug buffer is a circular buffer, once the buffer has reached the size limit, the oldest data will be overwritten.
The buffer size is configurable.
To change the size, use the following commands:
set db size 4096 set console dbuf clear db
To set-up the flow filter:
get ffilter set ffilter src-ip / dst-ip ... (see the CLI-help for more ffilter options) (same row = AND, more rows = OR) debug flow basic
Reproduce the issue. The timestamp resolution of the output is in tenths of a second. Stop the ffilter and then display the output with the following commands:
undebug all get dbuf stream or get dbuf stream > tftp <host> <name-of-file>