debug flow filter
Use these commands to generate only packet flow debug logs that match your filter criteria, such as a specific destination IP address. You can also use these commands to delete the packet flow debug log filter, so that all packet flow debug logs are generated.
To use this command, your administrator account’s access control profile requires only r permission in any profile area.
Syntax
diagnose debug flow filter reset
diagnose debug flow filter client-ip <source_ipv4 | source_ipv6>
diagnose debug flow filter server-ip <destination_ipv4 | destination_ipv6>
Variable: client-ip <source_ipv4 | source_ipv6>
Description: Type the source (SRC) IP address of connections. This will generate only packet flow debug log messages involving that source IP address.
Note: This filter operates at the IP layer, not the HTTP layer.
If a load balancer or other web proxy is deployed in front of FortiWeb, and therefore all connections for HTTP requests appear to originate from this IP address, configuring this filter will have no effect.
Similarly, if multiple clients share an Internet connection via NAT or explicit web proxy, configuring this filter will only isolate connections that share this IP address. It will not be able to filter out a single client based on individual HTTP sessions from that IP.
Default: No default.

Variable: server-ip <destination_ipv4 | destination_ipv6>
Description: Type the destination (DST) IP address of the connection, either the:
- virtual server on FortiWeb (if FortiWeb is operating in reverse proxy mode)
- protected web server on the back end (all other operation modes)
This will generate only packet flow debug log messages involving that server IP address.
Default: No default.
Related topics
diagnose debug flow trace