Find using dashboard which physical D8 the virtual is sitting on.

Here is some basic syntax to run a tcpdump on a  D8 VSX  firewall.

ssh to the  active VSX Gateway .

Make sure you are in expert mode

Type expert to be gain that mode.

Run this command

vsx stat  -v

vsx stat  -l

identify your virtual firewall number  (e.g. Client 2) then type this

vsx set  x ##Where x is your Virtual firewall number listed in the left column

run this command

route

identify the ingress and egress interfaces   by looking at the routing table.

Then run two tcpdumps

Ingress interface

tcdpump  -I  <interface_name>  host <IP_address_of_the_Machine_your_are_interested_in> -nn and host <IP_address_of_the_Machine_your_are_interested_in>

egress interface

tcdpump  -I  <interface_name>  host <IP_address_of_the_Machine_your_are_interested_in>