Thursday, February 5, 2015

diag debug flow from a FortiGate (local vs. interface)

Diag debug flow is the #1 troubleshooting tool that should always be deployed from a FortiGate. In this example, I will show you how to determine whether your diag debug flow caught packets that were generated locally by the unit.

First, a simple filter:

Now here's a trace where packets crossed from an inside to an outside interface:

Now here's a trace where the packets were generated locally (in my case a ping from the FGT100D device):

NOTE: Do you happen to notice the "from local"?

So yes, diagnose debug flow will show you any and all packets, regardless of whether they crossed interfaces or were generated locally.
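As an added example (not from the original post), here is a small Python parser over constructed debug flow output that pulls out each "received a packet" line and flags the ones marked "from local", so a long trace can be split into traffic the unit forwarded and traffic it originated. The line layout is an assumption modelled on FortiOS output, and the addresses, ports and session ids are made up.

```python
import re

# Constructed sample lines in the shape of FortiOS "diagnose debug flow" output
# (assumed format; not captured from a real unit). Trace 1 entered on port2,
# trace 2 was generated by the FortiGate itself and so shows "from local".
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=4471 msg="vd-root received a packet(proto=1, 10.10.10.50:1->8.8.8.8:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=4624 msg="allocate a new session-0000abcd"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.0.2.1 via port1"
id=20085 trace_id=2 func=print_pkt_detail line=4471 msg="vd-root received a packet(proto=1, 192.0.2.10:1->8.8.8.8:2048) from local. type=8, code=0, id=2, seq=1."
id=20085 trace_id=2 func=init_ip_session_common line=4624 msg="allocate a new session-0000abce"
"""

# Matches the first line of each trace: trace id, 5-tuple, and the "from X."
# token, where X is an ingress interface name or the word "local".
PKT_RE = re.compile(
    r'trace_id=(?P<tid>\d+).*?received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\) '
    r'from (?P<ingress>\S+?)\.(?=\s|$)'
)


def parse_packets(trace_text):
    """Return one dict per 'received a packet' line, with a 'local' flag."""
    packets = []
    for line in trace_text.splitlines():
        m = PKT_RE.search(line)
        if not m:
            continue  # session/route/policy lines carry no ingress info
        pkt = m.groupdict()
        pkt["trace_id"] = int(pkt.pop("tid"))
        pkt["proto"] = int(pkt["proto"])
        # The point of the post: a locally generated packet has no ingress
        # interface, so the trace reads "from local" instead of a port name.
        pkt["local"] = pkt["ingress"] == "local"
        packets.append(pkt)
    return packets


def split_local(packets):
    """Split parsed packets into (generated by the unit, crossed an interface)."""
    local = [p for p in packets if p["local"]]
    forwarded = [p for p in packets if not p["local"]]
    return local, forwarded


def summarize(trace_text):
    """One triage line per trace, naming the ingress interface or LOCAL."""
    lines = []
    for p in parse_packets(trace_text):
        origin = "LOCAL (generated by the FortiGate)" if p["local"] else f"ingress {p['ingress']}"
        lines.append(f"trace {p['trace_id']}: proto {p['proto']} {p['src']} -> {p['dst']} {origin}")
    return lines
```

Running `summarize(SAMPLE_TRACE)` gives one line per trace, with trace 2 marked LOCAL; point it at a saved console capture to triage a real session.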

To learn more, revisit one of my earlier threads.

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \
