To perform packet capture, FortiGate firewall should have below characteristics:
- Disk logging capability
- Disk logging is enabled
Create Packet Capture Filter:
- Login to webui of fortigate firewall https://<IP>
- Go to Network > Packet Capture >
- If packet capture page doeskin appears in page, go to below mentioned URL
https://device management IP/ng/page/p/firewall/sniffer
4. Select create new, to build the new filter.
5. Select below filter values
- Max, packets to save
- Under enable filters (more specific packet capture details) mention the values according to your requirement.
6. Click Ok.
7. Now click on progress button
8. Stop the progress button and then download the packet capture in pcap file.