12.3.3. Packet Tracing

To perform packet tracing, use the following command:

Admin@UGOS> show network trace

It will display information such as the source and destination IP addresses, protocol, UserGate source and destination port names, and source and destination TCP/UDP port numbers. This command is also available in the configuration mode.

To exit the packet tracing mode, press Ctrl+C.

Packet tracing rules are created and configured in the configuration mode at the network level. To create a rule, use the following command:

Admin@UGOS# create network trace-rules

Next, specify the following parameters:

Parameter

Description

enabled

Enable or disable the packet tracing rule:

  • on.

  • off.

name

The name of the rule. If not set, the name is generated automatically as trace_rule_N, where N is the ordinal number of the packet tracing rule being created.

zones-in

The list of traffic source zones.

source-ip-lists

The list of source IP address groups for the packets. For more details on creating IP address groups using the CLI, see the section Configuring IP addresses.

source-ip-addresses

The list of source IP addresses for the packets.

dest-ip-lists

The list of destination IP address groups for the packets. For more details on creating IP address groups using the CLI, see the section Configuring IP addresses.

dest-ip-addresses

The list of destination IP addresses for the packets.

services

Service type. For more details, see the section Configuring services.

To modify a rule:

Admin@UGOS# set network trace-rules <trace-rule-name>

All the parameters listed in the table above can be modified.

To delete a packet tracing rule, use the following command:

Admin@UGOS# delete network trace-rules <trace-rule-name>

The values of individual rule parameters can also be deleted. These are available for deletion:

  • zones-in.

  • source-ip-lists.

  • source-ip-addresses.

  • dest-ip-lists.

  • dest-ip-addresses.

  • services.

To view the existing packet tracing rules:

Admin@UGOS# show network trace-rules

or

Admin@UGOS# show network trace-rules <trace-rule-name>