Packet Capture

You can capture network traffic. The content of the packet capture provides greater insight into the traffic that generated the log. With this feature activated, the Security Gateway sends a packet capture file with the log to the Log Server. You can open the file, or save it to a file location to retrieve the information at a later time.

For some blades, the packet capture option is activated by default in Threat Policy.

To deactivate packet capture (in Threat Policy only):

  1. In SmartConsole, go to the Security Policies view > Threat Prevention.

  2. In the Track column of the rule, right-click and clear Packet Capture.

To see a packet capture:

  1. In SmartConsole, go to the Logs & Monitor view.

  2. Open the log.

  3. Click the link in the Packet Capture field.

    The Packet Capture opens in a program associated with the file type.

  4. Optional: Click Save to save the packet capture data on your computer.