To perform a packet capture, the FortiGate firewall must meet the following requirements:
- Disk logging capability
- Disk logging is enabled
Create Packet Capture Filter:
1. Log in to the web UI of the FortiGate firewall at https://<IP>
2. Go to Network > Packet Capture.
3. If the Packet Capture page does not appear, go to the URL below:
https://<device management IP>/ng/page/p/firewall/sniffer
4. Select Create New to build the new filter.
5. Select the filter values below:
- Interface
- Max. packets to save
- Under Enable Filters (more specific packet capture details), enter the values that match your requirement:
  - Host
  - Port
  - VLAN
  - Protocol
6. Click Ok.
7. Now click the progress button to start the capture.
8. Stop the capture with the progress button, then download the packet capture as a pcap file.
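
To confirm that the downloaded file holds the traffic the Host, Port and Protocol filters were meant to capture, the following added example (not part of the original page and not Fortinet tooling) parses a pcap with the Python standard library and counts matching packets. It assumes a classic pcap file with Ethernet framing and untagged IPv4; the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

def summarize_pcap(data, host=None, port=None, proto=None):
    """Count packets in a classic pcap that match or miss the intended filter."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"   # little-endian capture file
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"   # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    total = matched = 0
    off = 24        # first record follows the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        total += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # ARP, IPv6, VLAN-tagged or truncated: counted as unmatched
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        addrs = {socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])}
        ports = set()
        if ip[9] in (6, 17) and len(ip) >= ihl + 4:   # TCP or UDP
            ports = set(struct.unpack("!HH", ip[ihl:ihl + 4]))
        if ((host is None or host in addrs) and (port is None or port in ports)
                and (proto is None or proto == ip[9])):
            matched += 1
    return {"total": total, "matched": matched, "unmatched": total - matched}

def make_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame carrying only the fields the parser reads."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)

def build_sample():
    """Constructed three-packet capture using documentation address ranges."""
    frames = [make_frame("192.0.2.10", "198.51.100.5", 6, 50000, 443),
              make_frame("198.51.100.5", "192.0.2.10", 6, 443, 50000),
              make_frame("192.0.2.99", "198.51.100.5", 17, 5353, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

For a real capture, pass the bytes of the downloaded file together with the Host, Port and Protocol values entered in step 5. A non-zero `unmatched` count means the filter was looser than intended, and a `total` equal to the Max. packets to save value suggests the capture stopped at the limit rather than when the traffic ended.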