Tuesday, November 2, 2010

Fortinet Flow Traces

Flow traces are useful for seeing things like which policy rule is getting hit and which routes are being used to reach a specific IP.

Filter options for diag debug flow filter:

  • addr - IP address
  • clear - clear filter
  • daddr - destination IP address
  • dport - destination port
  • negate - inverse filter
  • port - port
  • proto - protocol number
  • saddr - source IP address
  • sport - source port

Example (trace the next 100 packets destined for 10.10.10.10):

  • diag debug enable
  • diag debug flow filter daddr 10.10.10.10
  • diag debug flow show console enable
  • diag debug flow trace start 100
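
The trace prints one console line per processing step, so a busy capture is easier to read once it is reduced to one record per trace_id. The following Python is an added example, not from the original post: it pulls the packet tuple, the chosen route and the policy verdict out of captured console output. The sample lines are constructed, and the msg wording is an assumption based on the usual FortiOS layout, which varies by firmware version.

```python
import re
from collections import defaultdict

# Constructed sample of captured console output (assumption: usual FortiOS
# flow-trace layout; exact msg wording differs between firmware versions).
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 192.168.1.50:51000->10.10.10.10:443) from port1. flag [S], seq 1, ack 0, win 8192"
id=20085 trace_id=1 func=init_ip_session_common line=5519 msg="allocate a new session-0000a1b2"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2591 msg="find a route: flag=04000000 gw-10.10.10.1 via port2"
id=20085 trace_id=1 func=fw_forward_handler line=751 msg="Allowed by Policy-7: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=17, 192.168.1.60:5353->10.10.10.10:53) from port1."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2591 msg="find a route: flag=04000000 gw-10.10.10.1 via port2"
id=20085 trace_id=2 func=fw_forward_handler line=599 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+?):(\d+)->(\S+?):(\d+)\) from (\S+?)\.?(?:\s|$)')
ROUTE = re.compile(r'find a route:.*?gw-(\S+) via (\S+)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DENY = re.compile(r'Denied by .*?\(policy (\d+)\)')

def summarize(text):
    """Return {trace_id: {...}} with packet tuple, route and policy verdict."""
    traces = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip prompts, blank lines and unrelated debug output
        tid, msg = int(m.group(1)), m.group(2)
        t = traces[tid]
        if (p := PKT.search(msg)):
            t.update(proto=int(p[1]), src=p[2], sport=int(p[3]),
                     dst=p[4], dport=int(p[5]), in_if=p[6])
        elif (r := ROUTE.search(msg)):
            t.update(gw=r[1], out_if=r[2])
        elif (a := ALLOW.search(msg)):
            t.update(action="allow", policy=int(a[1]))
        elif (d := DENY.search(msg)):
            t.update(action="deny", policy=int(d[1]))
    return dict(traces)

if __name__ == "__main__":
    for tid, t in sorted(summarize(SAMPLE).items()):
        print(tid, t)
```

A verdict of policy 0 in the summary means the packet matched no explicit rule and fell through to the implicit deny.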