
If you want to check the traffic flow on an FGT, there are several options. However, it might be easiest to see which policy each packet hits. The commands you'll need are the following:

# Disable previously issued debug commands
fortigate # diag debug disable

# Add Host IP filter
fortigate # diag debug flow filter add 172.20.1.23

# Add Destination port filter
fortigate # diag debug flow filter dport 5001

# Enable function name display
fortigate # diag debug flow show function-name enable

# Define the number of packets to capture 
fortigate # diag debug flow trace start 100

# Enable debug
fortigate # diag debug enable

Further resource: http://docs.fortinet.com/document/fortigate/7.2.2/administration-guide/54688/debugging-the-packet-flow
