Fortigate Firewall Packet capture steps:

To perform packet capture, FortiGate firewall should have below characteristics:

  • Disk logging capability
  • Disk logging is enabled

Create Packet Capture Filter:

  1. Login to webui of fortigate firewall https://<IP&gt;
  2. Go to Network > Packet Capture >
  3. If packet capture page doeskin appears in page, go to below mentioned URL

https://device management IP/ng/page/p/firewall/sniffer

4. Select create new, to build the new filter.

Fortigate-Firewall

5.  Select below filter values

  •     Interface
  •     Max, packets to save
  •     Under enable filters (more specific packet capture details) mention the values according to your requirement.
  •      Host
  •      Port
  •     VLAN
  •     Protocol

6.  Click Ok.

Fortigate-2

7. Now click on progress button

8. Stop the progress button and then download the packet capture in pcap file.