Flow trace
To trace the flow of packets through the FortiGate unit, use the following command:
diag debug flow trace start
 
Follow packet flow by setting a flow filter using this command:
diag debug flow filter <option>
 
Filtering options include the following:
addr      IP address
clear     clear filter
daddr     destination IP address
dport     destination port
negate    inverse filter
port      port
proto     protocol number
saddr     source IP address
sport     source port
vd        index of virtual domain, -1 matches all
 
Enable the output to be displayed to the CLI console using the following command:
diag debug flow show console enable
 
 
The output of diag debug flow is recorded as event log messages and is sent to a FortiAnalyzer unit if one is connected. Do not let this command run longer than necessary, since it generates significant amounts of data.
Start flow monitoring with a specific number of packets using this command:
diag debug flow trace start <N>
 
Stop flow tracing at any time using:
diag debug flow trace stop
 
The following example traces packet flow for the device at IP address 203.160.224.97:
diag debug enable
diag debug flow filter addr 203.160.224.97
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow trace start 100
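
The steps above can be wrapped in a small runbook helper that validates filter values, refuses an unfiltered or unbounded trace, and always pairs the trace with a teardown sequence. This is an added example, not Fortinet code: the names build_flow_trace and MAX_PACKETS, the packet ceiling and the vd upper bound are assumptions, and diag debug disable is a FortiOS command that does not appear on this page.

```python
import ipaddress

# Filter options from the list above; negate and clear are not built here.
IP_OPTS = {"addr", "saddr", "daddr"}
PORT_OPTS = {"port", "sport", "dport"}
MAX_PACKETS = 1000  # assumed ceiling for this example, not a FortiOS limit


def _check(option, value):
    """Validate one filter value and return it as the string to send."""
    if option in IP_OPTS:
        return str(ipaddress.ip_address(value))  # ValueError if malformed
    if option in PORT_OPTS:
        lo, hi = 1, 65535
    elif option == "proto":
        lo, hi = 0, 255          # IP protocol number
    elif option == "vd":
        lo, hi = -1, 2**31 - 1   # -1 matches all; upper bound is assumed
    else:
        raise ValueError(f"unsupported filter option: {option}")
    number = int(value)
    if not lo <= number <= hi:
        raise ValueError(f"{option} out of range: {value}")
    return str(number)


def build_flow_trace(filters, packets):
    """Return (setup, teardown) command lists for a bounded flow trace."""
    if not filters:
        raise ValueError("refusing to trace without a filter")
    if not 1 <= packets <= MAX_PACKETS:
        raise ValueError(f"packet count must be 1..{MAX_PACKETS}")
    setup = ["diag debug enable",
             "diag debug flow filter clear"]  # drop any stale filter first
    setup += [f"diag debug flow filter {opt} {_check(opt, val)}"
              for opt, val in filters.items()]
    setup += ["diag debug flow show console enable",
              "diag debug flow show function-name enable",
              f"diag debug flow trace start {packets}"]
    teardown = ["diag debug flow trace stop",
                "diag debug flow filter clear",
                "diag debug disable"]  # not shown on the page
    return setup, teardown


if __name__ == "__main__":
    setup, teardown = build_flow_trace(
        {"saddr": "203.160.224.97", "dport": 443, "proto": 6}, packets=100)
    print("\n".join(setup + teardown))
```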