Run Network Diagnostic Tasks in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

You can run these diagnostic tools in WatchGuard Cloud to test and troubleshoot network connectivity from the Firebox:

  • Ping — Ping an IP address or host name.
  • TCP Dump — See information about packets transmitted across your network and save the results to a file.
  • DNS Lookup — Look up DNS information to find which IP address a host name resolves to.

You can also download a diagnostic snapshot file of the Firebox log data and system information. For more information, go to Download Diagnostic Snapshot File.

To run these tools in Fireware Web UI on a cloud-managed Firebox, go to Run Network Diagnostic Tasks in Fireware Web UI.

Use Diagnostic Tools

  1. Select Monitor > Devices.
  2. Select a Firebox.
  3. From the Devices menu, select Live Status > Diagnostic Tools.
    The Diagnostic Tools page opens.
  4. From the Task drop-down list, select Ping.

Screen shot of the Ping tool

  1. In the Address text box, type an IP address or domain name to ping. For example, enter 192.168.1.1 or example.com.
  2. Click Run.
    Ping results appear.

Screen shot of ping results

  1. Select Monitor > Devices.
  2. Select a Firebox.
  3. From the Devices menu, select Live Status > Diagnostic Tools.
    The Diagnostic Tools page opens.
  4. From the Task drop-down list, select TCP Dump.

Screen shot of the TCP Dump tool

  1. (Optional) To narrow the results, use arguments:
    1. Select Use Arguments.
      The Arguments text box opens.
    2. In the Arguments text box, type one or more TCP Dump arguments. Arguments are case sensitive.
      For example, to capture data for the default external interface, type -ieth0 or -i eth0. For more example configurations on TCP Dump arguments, go to TCP Dump Command Arguments.
  2. From the Network drop-down list, select a network configured on the Firebox.
  3. From the Interface drop-down list, select an interface configured on the Firebox.
  4. (Optional) To save the TCP Dump data directly to a packet capture (.PCAP) file, select Stream data to a file.
  5. Click Run.
  6. To stop TCP Dump, click Screen shot of the Stop Task button.
  7. (Optional) If you selected Stream data to a file, you can select Download PCAP file after TCP Dump completes.

If you select a FireCluster, the Network and Interface drop-down lists are not available for TCP Dump.

  1. Select Monitor > Devices.
  2. Select a Firebox.
  3. From the Devices menu, select Live Status > Diagnostic Tools.
    The Diagnostic Tools page opens.
  4. From the Task drop-down list, select DNS Lookup.

Screen shot of the DNS Lookup settings

  1. In the Address text box, type an IP address or domain name.

Screen shot of a DNS Lookup example

Download Diagnostic Snapshot File

Your cloud-managed Firebox collects log data and other system information that is helpful when you troubleshoot system problems with a WatchGuard Technical Support representative. You can download this information from your Firebox in a diagnostic log message file ([device name]_support.tgz) that you can send to your Technical Support representative.

You can also download the diagnostics file for a cloud-managed Firebox in the Fireware Web UI. For more information, go to Download the Diagnostics File for a Cloud-Managed Firebox in Fireware Web UI.

To download a diagnostic snapshot file:

  1. Select Monitor > Devices.
  2. Select a Firebox.
  3. From the Devices menu, select Live Status > Diagnostic Tools.
    The Diagnostic Tools page opens.
  4. Select the Snapshot tab.

Screen shot of the Snapshot tab

  1. Select Download snapshot file.
    The diagnostic snapshot file downloads and saves to the location you specify.

TCP Dump Command Arguments

To see information about the packets transmitted across your network (TCP dump), in the Arguments text box, you can type these command arguments:

tcpdump [-aAbdDefIKlLnNOpPqRStuUvxX] [ -B size ] [ -c count ] [ -E algo:secret ] [ -i interface ] [ -M secret ] [ -s snaplen ] [ -T type ] [ -y datalinktype ] [ expression ]

The parameters in TCP dump commands are case-sensitive.

For example:

  • To see all port 443 traffic on the eth0 interface, type -i eth0 port 443. In this example, to capture packets on an interface, type:
    • -i to filter packets on an interface.
    • port to filter data on a port.
  • To see all the port 53 traffic on the eth1 interface from or to the 10.0.1.10 internal server, type -i eth1 host 10.0.1.10 and port 53. In this example, type:
    • host to filter data for a host.
    • port to filter data on a port.
  • To see all traffic, except port 53 traffic, on the vlan2 interface to or from the 10.0.2.20 internal server, type -i vlan2 host 10.0.2.20 and not port 53. In this example, to exclude all data from port 53, add the condition not.
  • To see all IPSec traffic on the eth0 interface to or from a remote host, type - i eth0 host 203.0.113.50 and (port 500 or port 4500 or esp).
  • To limit the capture to four packets on the eth0 interface, type -i eth0 -c 4. In this example, to limit the capture of packets, type -c.

For more information on TCP dump arguments, go to tcpdump.org.

Related Topics

Run Network Diagnostic Tasks in Fireware Web UI

Run a BOVPN Diagnostic Report for a Firebox or FireCluster

WatchGuard Cloud TCP Dump Diagnostics video tutorial (5 minutes)