FortiGate firewall packet capture steps:

To perform a packet capture, the FortiGate firewall must meet the following requirements:

  • Disk logging capability
  • Disk logging is enabled

Create Packet Capture Filter:

  1. Log in to the web UI of the FortiGate firewall at https://<IP>
  2. Go to Network > Packet Capture.
  3. If the Packet Capture page does not appear in the menu, go to the URL below:

https://<device management IP>/ng/page/p/firewall/sniffer

4. Select Create New to build the new filter.


5. Select the filter values below:

  • Interface
  • Max. packets to save
  • Under Enable Filters (for a more specific packet capture), set the following values according to your requirement:
  •  Host
  •  Port
  •  VLAN
  •  Protocol

6. Click OK.


7. Now click the progress button.

8. Stop the progress button, then download the packet capture as a pcap file.
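Once the file is downloaded, it is worth confirming that the capture only contains traffic matching the Host, Port, VLAN and Protocol values set in step 5. The script below is an added example, not part of the original post: it assumes the download is a classic little-endian pcap with Ethernet link type, takes the protocol as an IP protocol number, and the function names and the sample packet are constructed for illustration.

```python
import socket, struct

def build_sample_pcap():
    """Constructed sample: one TCP SYN 10.0.0.5:51000 -> 192.0.2.10:443, VLAN 20."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, 20, 0x0800)  # MACs zeroed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 51000, 443, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = eth + ip + tcp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return global_hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def parse_pcap(data):
    """Yield (vlan, proto, src, dst, sport, dport) for each IPv4 frame."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack_from("<I", data, off + 8)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        try:
            etype, = struct.unpack_from("!H", frame, 12)
            vlan, l3 = None, 14
            if etype == 0x8100:  # 802.1Q tag: VLAN ID is the low 12 bits
                tci, etype = struct.unpack_from("!HH", frame, 14)
                vlan, l3 = tci & 0x0FFF, 18
            if etype != 0x0800:
                continue  # not IPv4
            ihl, proto = (frame[l3] & 0x0F) * 4, frame[l3 + 9]
            src, dst = (socket.inet_ntoa(frame[l3 + o:l3 + o + 4]) for o in (12, 16))
            sport = dport = None
            if proto in (6, 17):  # only TCP and UDP carry ports
                sport, dport = struct.unpack_from("!HH", frame, l3 + ihl)
        except (struct.error, IndexError, OSError):
            continue  # frame truncated before the headers end: skip it
        yield vlan, proto, src, dst, sport, dport

def check_capture(data, host=None, port=None, vlan=None, protocol=None):
    """Return (ipv4_packet_count, packets that fall outside the given filter)."""
    pkts = list(parse_pcap(data))
    outside = [p for p in pkts
               if (host and host not in p[2:4]) or (port and port not in p[4:6])
               or (vlan is not None and p[0] != vlan)
               or (protocol is not None and p[1] != protocol)]
    return len(pkts), outside
```

To check a real download, read the file with `open(path, "rb").read()` and pass the bytes to `check_capture` with the same values entered in the filter; an empty second element means every IPv4 packet matched.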
