Create a Post
Showing results for 
Search instead for 
Did you mean: 

Using FWMONITOR with SecureXL enabled (R80.20 and up) TechTip

Hello everyone,


I wanted to spread the knowledge that starting with R80.20 it is possible to packet capture with FWMONITOR with SecureXL turned on. I know it can sometimes be a hassle to troubleshoot traffic that can’t be seen with SecureXL acceleration. It can also be dangerous to turn it off because of the possibility of the non-accelerated traffic overpowering the CPU. In R80.20 and later traffic can be fully captured by fw monitor with SecureXL still enabled, as long as you use the -F flag along with an alternate traffic filtering syntax. Here is an example:


fw monitor  -F  0,0,0,80,0


This equivalent fw monitor command can capture all destination port 80 traffic regardless of whether it is accelerated. You see there are five numeric positions in this syntax after the -F. Here are the meaning of them by positon.


  1. Source IP
  2. Source Port
  3. Destination IP
  4. Destination Port
  5. Protocol




Hopefully this will be a help in your technical journeys!

0 Kudos
1 Reply
Champion Champion

More read here:

What is FW Monitor? sk30583 
-> Capture Examples of "-F" flag

  1. Usual Capture
  2. Host Specific Capture
  3. Port Specific Capture
  4. Protocol Specific Capture


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events