[ATP/FLEX] How to capture packets on Nebula Firewall Local WEB GUI?

Zyxel_Cooldia
Zyxel_Cooldia Posts: 1,511  Zyxel Employee
Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
edited June 2023 in Maintenance

Scenario

Packets analysis is a common troubleshooting technique for network administrators, and is also used to examine network traffic for security threats, performance, and connection issues. This example illustrates how to capture packets on Nebula Firewall Local WEB GUI.

Demonstration

You may skip step 1) if you access Firewall WEB GUI from LAN interface of the device.

1)   Create a security policy to allow HTTPS service from wan interface. By default, it is unable to access device WEB GUI HTTPS from wan interface when the device is managed by nebula.

Go to Configure > Firewall > Security Policy.


In Implicit allow rules, there is no implicit rule to allow WEB GUI access from wan to Device TCP 443 port. Click Add to create a security policy rule to allow TCP 443 access from wan.


Action = Allow

Protocol = TCP

Source = Any

Destination = Device

Dst Port = 443

*For security concern, we strongly suggest you add trusted IP to Source IP, instead of any.

Click Save to commit setting to Nebula.


2)   Go to Configure > Site settings to check local credentials.



3)   Open a browser to connect Firewall wan interface IP https://X.X.X.X.


Click “Network Test Tools”, and log in with local credentials.


Account: support

Password: Copy from Configure > Site settings > Local credentials

4)   Go to Maintenance > Packet Capture to capture packets.

Now we can select interface and set up filter to start capture packets.


Interface: Select available Interface and click the right arrow button to move them to the Capture Interfaces list.

Protocol: Select the protocol of traffic for which to capture packets. Select any to capture packets for all types of traffic.

Host IP: Select a host IP address object for which to capture packets. Select any to capture packets for all hosts. Select User Defined to be able to enter an IP address.

Host port: Specify the port number of the traffic to capture.

Click Capture to start capturing network traffic.

5)   Click Stop to stop capturing traffic.

6)   Now we can download from Captured Packet Files


Click a file to select it and click Download to save it to your computer.