Nebula and CLI

Sébastien · December 2021

Hi everyone,

I would like to capture packets on CLI of a Nebula connected security appliance.

But when requesting the interface status, I do not get the configuration as shown in Nebula.

For example, here is how the USG Flex is configured in Nebula :

wan1 : PPPoE (fixed public IP from ISP)
lan1 : 192.168.10.0/24
lan2 : disabled

Using a SSH connection to this router, I type this command :

show interface all

And the answer is :

Image: https://us.v-cdn.net/6029482/uploads/editor/qt/kgyoaf4g2zeh.png

Nothing to do with the Nebula configuration.

What I need is troubleshooting an RDP remote connection on port 3389. I would like to see if the packets are well received by my WAN interface like this :

packet-trace interface wan port 3389

0 packets are captured event if the connection is successfull !

Image: https://us.v-cdn.net/6029482/uploads/editor/8a/y7y7gd87nmrb.png

I have the same problem with ddns, nat rules, secure-policy rules, ... The CLI do not return the Nebula configuration but the default rules as if the apppliance would be in stand-alone mode.

What am I doing wrong ? Wrong command ? Wrong command context ?

Regards,

Sebastien

lalaland · December 2021

The CLI on cloud mode is Router> show sdwan interface.
You can hit CLI Router> packet-trace interface eth0 extension-filter port 3389 to capture packets.

Image: https://us.v-cdn.net/6029482/uploads/editor/i3/4gi3eik3jemj.jpg

lalaland · December 2021

The CLI on cloud mode is Router> show sdwan interface.
You can hit CLI Router> packet-trace interface eth0 extension-filter port 3389 to capture packets.

Sébastien · December 2021

@lalaland Thank you for your reply.

Packet tracing is now OK on the right interface shown by sdwan command.

Nebula and CLI

Accepted Solution

All Replies

Categories

Nebula Tips & Tricks

Nebula Help Center