Flow trace
To trace the flow of packets through the FortiGate unit, use the following command:
diag debug flow trace start
 
If your network is using IPv4, follow packet flow by setting a flow filter using this command:
diag debug flow filter <option>
 
Filtering options include the following:
addr      IPv4 address
clear     clear filter
daddr     destination IPv4 address
dport     destination port
negate    inverse IPv4 filter
port      port
proto     protocol number
saddr     source IPv4 address
sport     source port
vd        index of virtual domain, -1 matches all
 
If your network is using IPv6, follow packet flow by setting a flow filter using this command:
diag debug flow filter6 <option>
 
Filtering options include the following:
addr      IPv6 address
clear     clear filter
daddr     destination IPv6 address
dport     destination port
negate    inverse IPv6 filter
port      port
proto     protocol number
saddr     source IPv6 address
sport     source port
vd        index of virtual domain, -1 matches all
 
Enable the output to be displayed to the CLI console using the following command:
diag debug flow show console enable
 
Output from diag debug flow is recorded as event log messages and is sent to a FortiCloud or a FortiAnalyzer unit if one is connected. Do not let this command run longer than necessary, since it generates significant amounts of data.
Start flow monitoring with a specific number of packets using this command:
diag debug flow trace start <N>
 
Stop flow tracing at any time using:
diag debug flow trace stop
 
The following is an example of a flow trace for the device at IP address 203.160.224.97:
diag debug enable
diag debug flow filter addr 203.160.224.97
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow trace start 100
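
A 100-packet trace with function names enabled produces several console lines per packet, so it helps to group saved output by packet before reading it. The following Python script is an added example, not part of the original documentation. The page shows no trace output, so the key=value line layout (id, trace_id, func, line, msg) and the message texts in the constructed sample are assumptions.

```python
import re

# Constructed sample console output. The key=value layout (id, trace_id, func,
# line, msg) and the message texts are assumptions, not taken from the page.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=4368 msg="vd-root received a packet(proto=6, 10.0.0.5:51000->203.160.224.97:443) from port1."
id=20085 trace_id=1 func=init_ip_session_common line=4517 msg="allocate a new session-0000a1b2"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2576 msg="find a route: gw-192.0.2.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=671 msg="Allowed by Policy-1: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=4368 msg="vd-root received a packet(proto=6, 10.0.0.9:51001->203.160.224.97:23) from port1."
id=20085 trace_id=2 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"
'''

LINE_RE = re.compile(r'^id=(\d+) trace_id=(\d+) func=(\S+) line=(\d+) msg="(.*)"\s*$')
PKT_RE = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+?)\.')

def parse_flow_trace(text):
    """Group trace lines by trace_id and return {trace_id: summary dict}."""
    packets = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip CLI prompts, blank lines and unrelated debug output
        trace_id, func, msg = int(m.group(2)), m.group(3), m.group(5)
        pkt = packets.setdefault(trace_id, {
            "proto": None, "src": None, "dst": None, "in_if": None,
            "funcs": [], "verdict": "unknown"})
        pkt["funcs"].append(func)  # order of functions the packet passed through
        hdr = PKT_RE.search(msg)
        if hdr:  # the "received a packet" line carries the 5-tuple and ingress port
            pkt["proto"] = int(hdr.group(1))
            pkt["src"], pkt["dst"], pkt["in_if"] = hdr.group(2), hdr.group(3), hdr.group(4)
        if msg.startswith("Denied"):
            pkt["verdict"] = "denied"
        elif msg.startswith("Allowed"):
            pkt["verdict"] = "allowed"
    return packets

if __name__ == "__main__":
    for tid, pkt in parse_flow_trace(SAMPLE).items():
        print(tid, pkt["src"], "->", pkt["dst"], pkt["verdict"], " > ".join(pkt["funcs"]))
```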