Troubleshooting for the Secure Firewall Threat Defense using Cloud-delivered Firewall Management Center

The Security Cloud Control portal provides the following options for in-depth troubleshooting analysis on a Secure Firewall Threat Defense. Upon clicking any of these options, the user is directed to the relevant troubleshooting page in the cloud-delivered Firewall Management Center portal.

  1. In the left pane, click Security Devices > FTD.

  2. Select an FTD device and on the Troubleshooting pane on the right, click the option you want.

  • Packet-tracer allows a firewall administrator to inject a virtual packet into the security appliance and track the flow from ingress to egress. Along the way, the packet is evaluated against flow and route lookups, ACLs, protocol inspection, NAT, and intrusion detection. The power of the utility comes from the ability to simulate real-world traffic by specifying source and destination addresses with protocol and port information.

  • Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful.

  • Threat Defense CLI allows executing selected threat defense diagnostic command line interface (diagnostic CLI) commands from the management center. These commands run in the diagnostic CLI rather than the regular CLI. These commands are ping (except ping system), traceroute, and select show commands.

  • Troubleshoot File Download allows generating troubleshooting files with information targeted to specific functional areas, as well as advanced troubleshooting files that you can obtain in collaboration with Cisco Support. If you have a problem with your appliance, Cisco Support may request you to supply troubleshooting files to help them diagnose the problem.