Navigate to System then click on Packet Monitor and press the Configure button.
On the Monitor Filter tab we need to define what we’ll be monitoring. I’ll be attempting to access a website located on a web server (10.xxx.xxx.25) from a remote workstation at 104.xxx.xxx.133 via the web server’s public IP address 63.xxx.xxx.225. So we’ll enter in 104.xxx.xxx.133 as the Source IP address and 10.xxx.xxx.25 as the Destination IP address. In addition, as we want to monitor HTTP and HTTPS traffic to and from our web server we’ll specify 80 and 443 as the Destination Ports in the monitor filter.
On the Advanced Monitor Filter tab select the appropriate types of traffic you want monitored during this session.
Back on the Packet Monitor page you’ll want to press the Clear button to reset statistics and discard captured packets from a previous monitoring session. Once you are ready to proceed click on Start Capture button.
Now that the packet capture is running, back on our remote workstation we’ll generate some traffic by entering in http://63.xxx.xxx.225 in the web browser.
If you hit the Refresh button in the Packet Monitor window on your firewall you’ll see that some packets were captured.
Note that the first two lines of the capture indicate that the traffic coming from 104.xxx.xxx.133 via interface X0 is successfully being translated to the internal address 10.xxx.xxx.25 via port 80. Lines 3 and 4 show the return traffic from 10.xxx.xxx.25 to 104.xxx.xxx.133 via interface X3.