Firewall - Creating A Diagnostic File

This article will explain how to collect, create and download the diagnostic file (diag-file) from the Web GUI as well as using the SSH to collect the diagnostic file [USG FLEX, ATP, VPN Series], and FTP service (e.g. FileZilla) to download the file, if the device is not responding - or for other reasons.


If it's comes to debugging strange behavior of a USG with our support, nothing is better than a Diag-file. We use this files to see what happens in your Network and so we can figure out what goes wrong and why.

To create a capture you just log on your USG and go to Maintenance > Diagnostic and click on "Collect Now". This can take up to ten minutes. Depending on your configuration.

 Once the capture is completed you can download it under Files.


1) Diagnostic File - Create and download via Web GUI

2) Diagnostic File - Create and download via FTP


1) Diagnostic File - Create and download via Web GUI

a) Login to your firewall with your admin user and password

b) Navigate to Maintenence -> Diagnostic -> "Collect Now" and let it collect for up to 10 minutes

c) Download the Diagnostic File under Maintenance -> Diagnostics -> Diagnostics -> Files by marking the file you want to download and then hit "Download":




2) Diagnostic File - Create and download via FTP


It's also possible to create and collect the diagnostic file via SSH. 


a) Login to Putty, TeraTerm or any other SSH program

b) Write the command 

configure terminal

c) Then write the following command to get all files needed for investigation:

diaginfo set ac 1023

d) Then collect the diagnostic file with this command and let it collect for up to 10 minutes

diaginfo collect ac

if you want to see the status of the diagnostic file collection, write this command

show diag-info

or this command

show diag-info status

e) Download and open FileZilla

f) Enter your host (LAN or WAN Gateway IP), admin username and password as well as port 21 (FTP port) and click Quickconnect

You should see "TLS connection established." and "Logged in". 

If you don't see this, it's probably because port 21 is not allowed in the firewall rules form WAN to Zywall, or LAN to Zywall.

g) Then navigate to the "debug" folder and then download the diagnostic file (diaginfo-2023-03-30_14-30-36.tar.bz2) to your PC 





Articles in this section

Was this article helpful?
2 out of 4 found this helpful



Please sign in to leave a comment.