Nebula and CLI

Sébastien
Sébastien Posts: 41  Freshman Member
First Comment Friend Collector Fourth Anniversary
Hi everyone,

I would like to capture packets on CLI of a Nebula connected security appliance.

But when requesting the interface status, I do not get the configuration as shown in Nebula.

For example, here is how the USG Flex is configured in Nebula :
  • wan1 : PPPoE (fixed public IP from ISP)
  • lan1 : 192.168.10.0/24
  • lan2 : disabled
Using a SSH connection to this router, I type this command :

show interface all

And the answer is :



Nothing to do with the Nebula configuration.

What I need is troubleshooting an RDP remote connection on port 3389. I would like to see if the packets are well received by my WAN interface like this :

packet-trace interface wan port 3389

0 packets are captured event if the connection is successfull !



I have the same problem with ddns, nat rules, secure-policy rules, ... The CLI do not return the Nebula configuration but the default rules as if the apppliance would be in stand-alone mode.

What am I doing wrong ? Wrong command ? Wrong command context ?

Regards,

Sebastien

Accepted Solution

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    Answer ✓
    The CLI on cloud mode is Router> show sdwan interface.
    You can hit CLI Router> packet-trace interface eth0 extension-filter port 3389 to capture packets.

All Replies

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary
    Answer ✓
    The CLI on cloud mode is Router> show sdwan interface.
    You can hit CLI Router> packet-trace interface eth0 extension-filter port 3389 to capture packets.

  • Sébastien
    Sébastien Posts: 41  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    @lalaland Thank you for your reply.

    Packet tracing is now OK on the right interface shown by sdwan command.  :)

Nebula Tips & Tricks