Troubleshooting : Solutions by issue type : Connectivity issues : Performing a packet trace
 
Performing a packet trace
When troubleshooting malformed packet or protocol errors, it helps to look inside the protocol headers of packets to determine if they are traveling along the route you expect, and with the flags and other options you expect. For instructions, see “Packet capture”.
 
If you configure virtual servers on your FortiWeb appliance, packets’ destination IP addresses will be those IP addresses, not the physical IP addresses (i.e., the IP address of port1, etc.). An ARP update is sent out when a virtual IP address is configured.
If the packet trace shows that packets are arriving at your FortiWeb appliance’s interfaces but no HTTP/HTTPS packets egress, check that:
Physical links are firmly connected, with no loose wires
Network interfaces/bridges are brought up (see “Configuring the network interfaces”)
Link aggregation peers, if any, are up (see “Link aggregation”)
VLAN IDs, if any, match (see “Adding VLAN subinterfaces”)
Virtual servers or V-zones exist, and are enabled (see “Configuring a bridge (V-zone)” and “Configuring virtual servers on your FortiWeb”)
Matching policies exist, and are enabled (see “Configuring basic policies”)
If using HTTPS, valid server/CA certificates exist (see “How to offload or inspect HTTPS”)
IP-layer, and HTTP-layer routes, if necessary, match (see “Adding a gateway” and “Routing based on HTTP header content, source IP, or cookie”)
Web servers are responsive, if server health checks are configured and enabled (see “Configuring server up/down checks”)
Load balancers, if any, are defined (see “Defining your proxies, clients, & X-headers”)
Clients are not blacklisted (see “Monitoring currently blocked IPs”)
 
For offline protection mode, it is usually normal if HTTP/HTTPS packets do not egress. The nature of this deployment style is to listen only, except to reset the TCP connection if FortiWeb detects traffic in violation.
If the packet is accepted by the policy but appears to be dropped during processing, see “Debugging the packet processing flow”.