Hello everyone,
I wanted to spread the knowledge that starting with R80.20 it is possible to capture packets with fw monitor while SecureXL is turned on. It can be a hassle to troubleshoot traffic that cannot be seen because SecureXL accelerates it, and turning acceleration off can be dangerous, since the now non-accelerated traffic may overwhelm the CPU. In R80.20 and later, traffic can be fully captured by fw monitor with SecureXL still enabled, as long as you use the -F flag together with an alternate filtering syntax. Here is an example:
fw monitor -F 0,0,0,80,0
This fw monitor command captures all traffic to destination port 80, regardless of whether it is accelerated. Notice the five numeric positions after -F; a 0 in a position means "any", which is why the example above matches every source and every protocol. Here is the meaning of each position:
- Source IP
- Source Port
- Destination IP
- Destination Port
- Protocol
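As an added helper (not from the original post), here is a small Python routine that builds and decodes the five-position -F filter, treating 0 as "any" and mapping protocol names to the standard IANA IP protocol numbers (6 = TCP, 17 = UDP, 1 = ICMP), which are assumed here rather than stated in the post:

```python
# Added example, not from the original post: build and decode the R80.20+
# "fw monitor -F src_ip,src_port,dst_ip,dst_port,protocol" filter.
# A 0 in any position is a wildcard, as the post's 0,0,0,80,0 example implies.
import ipaddress

# IANA IP protocol numbers for the common cases (standard values, assumed here).
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
PROTO_NUMBERS = {name: num for num, name in PROTO_NAMES.items()}


def build_filter(src_ip="0", src_port=0, dst_ip="0", dst_port=0, protocol=0):
    """Return the comma-separated -F argument; 0 / "0" means any."""
    if isinstance(protocol, str):
        protocol = PROTO_NUMBERS[protocol.lower()]
    for name, ip in (("src_ip", src_ip), ("dst_ip", dst_ip)):
        if ip != "0":
            ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    for name, port in (("src_port", src_port), ("dst_port", dst_port)):
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"{name} out of range: {port}")
    if not 0 <= int(protocol) <= 255:
        raise ValueError(f"protocol out of range: {protocol}")
    return f"{src_ip},{src_port},{dst_ip},{dst_port},{protocol}"


def parse_filter(spec):
    """Split a -F string into its five fields and re-run the range checks."""
    parts = spec.split(",")
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {spec!r}")
    src_ip, src_port, dst_ip, dst_port, protocol = parts
    fields = dict(src_ip=src_ip, src_port=int(src_port), dst_ip=dst_ip,
                  dst_port=int(dst_port), protocol=int(protocol))
    build_filter(**fields)  # reuse the validation; raises on bad input
    return fields


def describe(spec):
    """Render a -F string as 'src:port -> dst:port proto X' for a quick sanity check."""
    f = parse_filter(spec)
    ip = lambda v: "any" if v == "0" else v
    port = lambda v: "any" if v == 0 else str(v)
    proto = "any" if f["protocol"] == 0 else PROTO_NAMES.get(f["protocol"], str(f["protocol"]))
    return (f"{ip(f['src_ip'])}:{port(f['src_port'])} -> "
            f"{ip(f['dst_ip'])}:{port(f['dst_port'])} proto {proto}")


if __name__ == "__main__":
    print(build_filter(dst_port=80))                     # 0,0,0,80,0
    print(describe("0,0,10.1.1.5,443,6"))               # any:any -> 10.1.1.5:443 proto tcp
```

Run the module to print the post's 0,0,0,80,0 filter and a decoded TCP/443 example; the validation rejects malformed addresses, out-of-range ports and a wrong field count before the string ever reaches the gateway.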
Hopefully this will be a help in your technical journeys!