Performing a packet trace

Troubleshooting : Solutions by issue type : Connectivity issues : Performing a packet trace

When troubleshooting malformed packet or protocol errors, it helps to look inside the protocol headers of packets to determine if they are traveling along the route you expect, and with the flags and other options you expect. For instructions, see “Packet capture”.


	If you configure virtual servers on your FortiADC appliance, packets’ destination IP addresses will be those IP addresses, not the physical IP addresses (i.e., the IP address of port1, etc.). An ARP update is sent out when a virtual IP address is configured.

If the packet trace shows that packets are arriving at your FortiADC appliance’s interfaces but no HTTP/HTTPS packets egress, check that:

• Physical links are firmly connected, with no loose wires

• Network interfaces are brought up (see “Configuring the physical network interfaces”)

• Link aggregation peers, if any, are up (see “Link aggregation”)

• VLAN IDs, if any, match (see “Adding VLAN subinterfaces”)

• Virtual servers exist, and are enabled (see “Load balancing among local servers”)

• Matching policies exist, and are enabled (see “Configuring firewall policies”)

• If using HTTPS, valid server/CA certificates exist (see “How to offload HTTPS”)

• IP-layer and HTTP-layer routes, if necessary, match (see “Adding a gateway” and “Load balancing among local servers”)

• Servers are responsive, if server health checks are configured and enabled (see “Load balancing among local servers”)