Description |
This article describes what basic set of outputs to collect, and how, for troubleshooting with TAC. |
Scope |
FortiWeb. |
Solution |
Follow the steps below.
diag deb reset <- To clear any already set debug. diag deb flow filter flow-detail 4 diag deb flow filter client-ip <Client IP> diag deb flow filter server-ip <the FortiWeb VIP> diag deb flow trace start diag deb enable
Starting from version 7.0.2 and above: To collect the SSL keys to support and record TLS traffic, the 'diag deb flow filter pserver-ip' command has been introduced. Below is an example:
diag deb flow filter http-detail 4 diag deb flow filter flow-detail 4 diag deb flow filter session-detail 2 diag deb flow filter client-ip <CLIENT IP> diag deb flow filter server-ip <the FortiWeb VIP IP> diag deb flow trace start diag deb enable
diag network sniffer packet any "port 443" 6
One can put IP to the filter list, e.g.
diag network sniffer packet any "port 443 and host 10.1.1.1" 6'
diag deb flow trace stop diag deb disa
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.