Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiProxy 7.6.2 Administration Guide
    7.6.2
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Diagnostics

    Diagnostics

    Administrators can use the Diagnostics page to create a filter on an interface to capture a specified number of packet streams to examine in real-time with header and payload information. Once completed, packets can be filtered by various fields or through the search bar. The capture can be saved as a PCAP file that you can use with a third-party application, such as Wireshark, for further analysis. Recent capture criteria is saved after the packet capture, and you can select and use the same criteria again. You can also save the capture criteria without starting the capture by clicking Save settings for later after configuring the packet capture criteria.

    Capture cards in the Network > Diagnostics page are sorted in alphabetical order of the configured name and colored depending on state:

    • Green: The packet capture is running.

    • Gray: The packet capture has not started yet, has completed, or the capture files have been deleted.

    To capture packets in the GUI:

    1. Go to Network > Diagnostics and select the Packet Capture tab.

    2. Select one or multiple interfaces (default is any).

    3. Specify the name in the Name field. The name must be unique for the packet capture criteria being configured.

    4. Optionally, enable Maximum captured packets and enter a number which is the maximum number of packets that the FortiProxy will capture. The default is 10000. When disabled, the FortiProxy automatically stops after capturing 50,000 packets to preserve memory.

    5. Optionally, enable Filters and select a Filtering syntax:

      1. Basic: enter criteria for the Host, Hostname, Port, and Protocol number.

      2. Advanced: enter a string, such as src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443.

    6. Click Start capture. The capture is visible in real-time.

    7. While the capture is running, select a packet, then click View to see more information in the Headers or Packet Data tabs.

    8. When the capture is finished, click Save as pcap. The PCAP file is automatically downloaded.

    9. Optionally, use the Search bar or the column headers to filter the results further.

    For more granular sniffer output with various verbose settings, use diagnose sniffer packet <interface> <'filter'> <verbose> <count> <tsformat>.

    Multiple packet captures

    Multiple packet captures can be run simultaneously for when many packet captures are needed for one situation. For example, ingress and egress interfaces can be captured at the same time to compare traffic or the physical interface and VPN interface can be captured using different filters to see if packets are leaving the VPN.

    The packet capture dialog can be docked and minimized to run in the background. The minimized dialog aligns with other CLI terminals that are minimized.

    To run multiple packet captures at the same time:

    1. Go to Network > Diagnostics.

    2. Configure the first packet capture:

      1. Click New packet capture. The Packet Capture (1) dialog is displayed.

      2. Select the Interface and configure other settings as needed.

      3. Click Start capture. The first packet capture begins.

    3. Minimize the packet capture. The packet capture continues to run.

    4. Configure the second packet capture:

      1. Click New packet capture. The Packet Capture (2) dialog is displayed.

      2. Select the Interface and configure other settings as needed.

      3. Click Start capture. The second packet capture begins.

    5. When the captures are complete, expand the dialog and select Save as pcap for each packet capture.

    Previous
    Next

    Diagnostics

    Diagnostics

    Administrators can use the Diagnostics page to create a filter on an interface to capture a specified number of packet streams to examine in real-time with header and payload information. Once completed, packets can be filtered by various fields or through the search bar. The capture can be saved as a PCAP file that you can use with a third-party application, such as Wireshark, for further analysis. Recent capture criteria is saved after the packet capture, and you can select and use the same criteria again. You can also save the capture criteria without starting the capture by clicking Save settings for later after configuring the packet capture criteria.

    Capture cards in the Network > Diagnostics page are sorted in alphabetical order of the configured name and colored depending on state:

    • Green: The packet capture is running.

    • Gray: The packet capture has not started yet, has completed, or the capture files have been deleted.

    To capture packets in the GUI:

    1. Go to Network > Diagnostics and select the Packet Capture tab.

    2. Select one or multiple interfaces (default is any).

    3. Specify the name in the Name field. The name must be unique for the packet capture criteria being configured.

    4. Optionally, enable Maximum captured packets and enter a number which is the maximum number of packets that the FortiProxy will capture. The default is 10000. When disabled, the FortiProxy automatically stops after capturing 50,000 packets to preserve memory.

    5. Optionally, enable Filters and select a Filtering syntax:

      1. Basic: enter criteria for the Host, Hostname, Port, and Protocol number.

      2. Advanced: enter a string, such as src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443.

    6. Click Start capture. The capture is visible in real-time.

    7. While the capture is running, select a packet, then click View to see more information in the Headers or Packet Data tabs.

    8. When the capture is finished, click Save as pcap. The PCAP file is automatically downloaded.

    9. Optionally, use the Search bar or the column headers to filter the results further.

    For more granular sniffer output with various verbose settings, use diagnose sniffer packet <interface> <'filter'> <verbose> <count> <tsformat>.

    Multiple packet captures

    Multiple packet captures can be run simultaneously for when many packet captures are needed for one situation. For example, ingress and egress interfaces can be captured at the same time to compare traffic or the physical interface and VPN interface can be captured using different filters to see if packets are leaving the VPN.

    The packet capture dialog can be docked and minimized to run in the background. The minimized dialog aligns with other CLI terminals that are minimized.

    To run multiple packet captures at the same time:

    1. Go to Network > Diagnostics.

    2. Configure the first packet capture:

      1. Click New packet capture. The Packet Capture (1) dialog is displayed.

      2. Select the Interface and configure other settings as needed.

      3. Click Start capture. The first packet capture begins.

    3. Minimize the packet capture. The packet capture continues to run.

    4. Configure the second packet capture:

      1. Click New packet capture. The Packet Capture (2) dialog is displayed.

      2. Select the Interface and configure other settings as needed.

      3. Click Start capture. The second packet capture begins.

    5. When the captures are complete, expand the dialog and select Save as pcap for each packet capture.

    Previous
    Next