fgallardo1 (Staff)
November 21, 2025

Troubleshooting Tip: FortiAnalyzer Packet Capture

Description

This article describes how to perform a packet capture from the FortiAnalyzer web interface. The advantage of this method is that the capture can be downloaded directly as a ready-to-use .pcap file.

Scope

FortiAnalyzer.
Solution

FortiGate and other Fortinet products use the OFTPD protocol to transfer logging data through secure or insecure protocols over port 514.

To track the traffic, first confirm which transport is in use. For example, on a FortiGate device, run the following command:

To be executed on FortiGate:

get log fortianalyzer setting
    set status enable
    set certificate-verification enable
    set reliable enable    -> Disabled by default.

Enabling reliable switches log forwarding to TCP; together with certificate-verification, this establishes a secure connection. If reliable is disabled, UDP is used to forward logging data.

 

For testing purposes, capture the inbound traffic from a FortiGate on port1 of the FortiAnalyzer.

  • From the GUI, go to System Settings -> Network -> Packet Capture and select + Create New.

[Screenshot: FAZCAP1.jpg]

  • Select OK, then start capturing from the Actions column.

[Screenshot: Start Capture.png]

  • Once the sample is taken, select Stop and then Download in the Actions column.

[Screenshot: FAZCAP2.jpg]

  • Open the resulting file with the desired network analyzer.

[Screenshot: FAZCAP3.jpg]
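The downloaded .pcap can also be checked without a GUI analyzer to confirm what the FortiGate CLI output reported: whether log traffic on port 514 arrives over UDP or over TCP with a TLS handshake (the reliable plus certificate-verification case). The script below is an added example and is not part of the original article or a Fortinet tool. It parses the classic libpcap format with the Python standard library only; the function names summarise_pcap and build_sample_pcap, the file name capture.pcap, the IP addresses and the two sample packets are constructed for this demonstration, and the TLS check is a generic TLS record-header heuristic (content type 0x16, major version 3), not anything specific to OFTP.

```python
"""Summarise a FortiAnalyzer packet capture by transport to/from port 514.

Added example, not from the original article. Classic pcap only (linktype 1,
Ethernet), IPv4 only, standard library only, so it runs offline.
"""
import socket
import struct
import sys

OFTP_PORT = 514  # port used for OFTP log forwarding per the article


def _frame(src, dst, payload, proto):
    """Wrap a transport payload in a minimal Ethernet + IPv4 frame (constructed sample data)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _tcp(sport, dport, data, flags=0x18):
    # data offset 5 (20-byte header), no options, PSH/ACK flags
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + data


def build_sample_pcap():
    """Constructed capture: one UDP syslog line and one TCP record shaped like a TLS ClientHello."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    frames = [
        _frame("10.0.0.2", "10.0.0.1", _udp(40000, OFTP_PORT, b"<134>date=2025-11-21 logid=0000000013"), 17),
        _frame("10.0.0.3", "10.0.0.1", _tcp(50000, OFTP_PORT, b"\x16\x03\x01\x00\x05hello"), 6),
    ]
    body = b""
    for i, f in enumerate(frames):
        body += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return header + body


def summarise_pcap(data):
    """Return {(transport, src, dst): {"packets": n, "tls_handshake": bool}} for port-514 traffic."""
    magic, = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled in this example)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled in this example")
    flows = {}
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        if proto == 17 and len(l4) >= 8:
            transport, hlen = "udp", 8
        elif proto == 6 and len(l4) >= 20:
            transport, hlen = "tcp", (l4[12] >> 4) * 4
        else:
            continue
        sport, dport = struct.unpack("!HH", l4[:4])
        if OFTP_PORT not in (sport, dport):
            continue
        payload = l4[hlen:]
        entry = flows.setdefault((transport, src, dst), {"packets": 0, "tls_handshake": False})
        entry["packets"] += 1
        # TLS record: content type 0x16 (handshake) with major version 3 marks an encrypted session
        if transport == "tcp" and len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 3:
            entry["tls_handshake"] = True
    return flows


if __name__ == "__main__":
    # Pass the downloaded capture (e.g. capture.pcap) as the first argument, else use the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for (transport, src, dst), info in summarise_pcap(raw).items():
        print(f"{transport.upper()} {src} -> {dst}: {info['packets']} packet(s), "
              f"TLS handshake seen: {info['tls_handshake']}")
```

A UDP flow in the output means reliable is disabled on that FortiGate and logs travel in clear text; a TCP flow without a TLS handshake is worth a second look in the analyzer, since reliable alone does not imply encryption.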