FORTIGATE - Packet Debug Flow: Difference between revisions
From Wiki.IT-Arts.net
Revision as of 13:31, 18 August 2024
FortiOS 6.2.12 Cookbook / FortiOS 7.4.3 Administration Guide
Quick Example
To stop any running flow trace and clear the filter, type:
diag debug flow trace stop
diag debug flow filter clear
The following example shows the flow trace for a device with an IP address of W.X.Y.Z:
diagnose debug enable
diagnose debug flow filter addr W.X.Y.Z
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
Diagnose Debug Flow Command
To start flow monitoring with a specific number of packets:
diagnose debug flow trace start <N>
To stop flow tracing at any time:
diagnose debug flow trace stop
To follow packet flow by setting a flow filter:
# diagnose debug flow {filter | filter6} <option>
- Enter filter if your network uses IPv4.
- Enter filter6 if your network uses IPv6.
Replace <option> with one of the following variables:
Variable  Description
addr      IPv4 or IPv6 address
clear     clear filter
daddr     destination IPv4 or IPv6 address
dport     destination port
negate    inverse IPv4 or IPv6 filter
port      port
proto     protocol number
saddr     source address
sport     source port
vd        index of virtual domain; -1 matches all
Example
Sample output: IPsec (policy-based)
id=20085 trace_id=1 msg="vd-root received a packet(proto=1, 10.72.55.240:1->10.71.55.10:8) from internal."
id=20085 trace_id=1 msg="allocate a new session-00001cd3"
id=20085 trace_id=1 msg="find a route: gw-66.236.56.230 via wan1"
id=20085 trace_id=1 msg="Allowed by Policy-2: encrypt"
id=20085 trace_id=1 msg="enter IPsec tunnel-RemotePhase1"
id=20085 trace_id=1 msg="encrypted, and send to 15.215.225.22 with source 66.236.56.226"
id=20085 trace_id=1 msg="send to 66.236.56.230 via intf-wan1"
id=20085 trace_id=2 msg="vd-root received a packet (proto=1, 10.72.55.240:1->10.71.55.10:8) from internal."
id=20085 trace_id=2 msg="Find an existing session, id-00001cd3, original direction"
id=20085 trace_id=2 msg="enter IPsec tunnel-RemotePhase1"
id=20085 trace_id=2 msg="encrypted, and send to 15.215.225.22 with source 66.236.56.226"
id=20085 trace_id=2 msg="send to 66.236.56.230 via intf-wan1"
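An added example, not part of the wiki page or of Fortinet's documentation: a small Python parser for the id=... trace_id=... msg="..." lines of the sample output that groups them per packet and lists packets to a destination that never reached the IPsec tunnel step. The function names, field names and the trace_id=3 sample lines are assumptions made for illustration, and only the message wordings that appear in the sample are recognized.

```python
import re

# Lines copied from the page's IPsec sample; trace_id=3 is constructed.
SAMPLE = '''\
id=20085 trace_id=1 msg="vd-root received a packet(proto=1, 10.72.55.240:1->10.71.55.10:8) from internal."
id=20085 trace_id=1 msg="allocate a new session-00001cd3"
id=20085 trace_id=1 msg="find a route: gw-66.236.56.230 via wan1"
id=20085 trace_id=1 msg="Allowed by Policy-2: encrypt"
id=20085 trace_id=1 msg="enter IPsec tunnel-RemotePhase1"
id=20085 trace_id=2 msg="vd-root received a packet (proto=1, 10.72.55.240:1->10.71.55.10:8) from internal."
id=20085 trace_id=2 msg="Find an existing session, id-00001cd3, original direction"
id=20085 trace_id=2 msg="enter IPsec tunnel-RemotePhase1"
id=20085 trace_id=3 msg="vd-root received a packet(proto=1, 10.72.55.240:1->10.71.55.10:8) from internal."
id=20085 trace_id=3 msg="find a route: gw-66.236.56.230 via wan1"
'''

LINE = re.compile(r'id=\d+ trace_id=(\d+) msg="(.*)"\s*$')
RULES = [  # (field names, pattern applied to the msg text)
    (("proto", "src", "sport", "dst", "dport", "in_if"), re.compile(
        r'received a packet\s*\(proto=(\d+), (\S+?):(\d+)->(\S+?):(\d+)\)'
        r' from ([^\s.]+)')),
    (("session",), re.compile(r'(?:new session-|existing session, id-)(\w+)')),
    (("gateway", "out_if"), re.compile(r'find a route: gw-(\S+) via (\S+)')),
    (("policy", "action"), re.compile(r'Allowed by Policy-(\d+):\s*(\w+)')),
    (("tunnel",), re.compile(r'enter IPsec tunnel-(\S+)')),
]

def parse_flow_trace(text):
    """Group debug-flow lines by trace_id and extract the RULES fields."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # banner, prompt or damaged line
        rec = traces.setdefault(int(m.group(1)), {"other": []})
        for names, rx in RULES:
            hit = rx.search(m.group(2))
            if hit:
                rec.update(zip(names, hit.groups()))
                break
        else:
            rec["other"].append(m.group(2))  # keep unmatched messages
    return traces

def not_tunnelled(traces, dst):
    """trace_ids of packets to dst with no 'enter IPsec tunnel' step."""
    return [t for t, r in traces.items()
            if r.get("dst") == dst and "tunnel" not in r]
```

A trace that matched an existing session carries no policy field, because the policy lookup only appears in the trace of the packet that created the session.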
Useful Links
- https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/54688/debugging-the-packet-flow
- https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/54688/debugging-the-packet-flow
- https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560