Now I will show a flow trace from my computer to

diagnose debug reset
diagnose debug flow filter saddr 10.22.22.122
diagnose debug flow filter daddr 10.100.1.1
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 100 #display the next 100 packets, after that, disable the flow

When complete, you can disable manually with

diagnose debug disable

The output shows which interface the connection came in on. Because of
function-name enable, you will also see NAT, routing, IPS, offloading to NPUs and SPUs, etc.
You can also see the sessions using the following commands:

diagnose sys session filter clear
diagnose sys session filter dst 18.104.22.168
diagnose sys session filter dport 53
diagnose sys session list #show the session table with the filter just set

Use the filter that works for you, from a
destination as well as ports.
With this filter, you can clear the sessions based on the filter you created by issuing the

diagnose sys session clear

NOTE: Without the filter in place, you will clear ALL sessions on the FortiGate. It is always a good habit to run

diag sys session filter ?

to list the filter you have configured.
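
An added example, not part of the original post: a small Python helper that builds the session-clear sequence and refuses to produce `diagnose sys session clear` unless at least one filter is set. The function name and the split into a review stage and a clear stage are assumptions; only the `dst` and `dport` filters shown above are used.

```python
import ipaddress


def session_clear_commands(dst=None, dport=None):
    """Return (review_lines, clear_line) for a filtered session clear.

    Hypothetical helper: paste review_lines first, check that the listed
    sessions are the ones you expect, then paste clear_line.
    Raises ValueError rather than allowing an unfiltered clear.
    """
    filters = []
    if dst is not None:
        # Accept a single IPv4 address only; a prefix or hostname raises ValueError.
        addr = ipaddress.IPv4Address(dst)
        filters.append(f"diagnose sys session filter dst {addr}")
    if dport is not None:
        port = int(dport)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {dport}")
        filters.append(f"diagnose sys session filter dport {port}")
    if not filters:
        # Without a filter the clear would drop ALL sessions on the FortiGate.
        raise ValueError("refusing to build an unfiltered session clear")

    review = (
        ["diagnose sys session filter clear"]  # drop any stale filter first
        + filters
        + ["diagnose sys session list"]        # shows what the clear will hit
    )
    return review, "diagnose sys session clear"


if __name__ == "__main__":
    # Constructed sample values, matching the filter used earlier on this page.
    review, clear = session_clear_commands(dst="18.104.22.168", dport=53)
    print("\n".join(review))
    print("# after checking the list output:")
    print(clear)
```
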
You can either use the GUI or the CLI to run packet captures.

diagnose sniffer packet any 'host 22.214.171.124' 4 4 l
diagnose sniffer packet any 'host 126.96.36.199 and dst port 53' 4 10 a
diagnose sniffer packet wan1 'dst port (80 or 443)' 2 50 l

The verbosity is controlled by the following:

verbose:
1: print header of packets
2: print header and data from ip of packets
3: print header and data from ethernet of packets (if available)
4: print header of packets with interface name
5: print header and data from ip of packets with interface name
6: print header and data from ethernet of packets (if available) with intf name

count: number of packets

time-format:
a: UTC time
l: local time

You can use the GUI by going to
Packet Capture then