December 28, 2021

Technical Tip: How the 'negate' command in debug flow works.

Description: This article describes how the 'negate' command in debug flow works.

Scope: FortiGate.

Solution

The negate property can be used to exclude an IP address from the debug flow output. For example, to capture the debug for all sources except the IP 8.8.8.8, run the following commands:


diagnose debug reset
diagnose debug disable
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter proto 1
diagnose debug flow filter negate addr
diagnose debug flow trace start 999
diagnose debug flow show function-name enable
diagnose debug enable

 

To stop the debug:

diagnose debug disable
diagnose debug reset

After running the filter and trace commands above, debug output appears for any traffic that flows through the FortiGate, but not for the address 8.8.8.8. In other words, 8.8.8.8 is excluded from the debug.
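
To reason about which packets a negated filter selects before running it on a busy unit, the following added example (not from the original article and not FortiOS code) parses the article's filter lines into a simplified model and evaluates constructed sample packets against it. It assumes that 'addr' matches either the source or the destination address, that all filter criteria must match together, and that 'negate' inverts only the named criterion; the helper names are hypothetical.

```python
import ipaddress

# Filter lines copied from the article's command sequence.
ARTICLE_FILTER = """\
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter proto 1
diagnose debug flow filter negate addr
"""
PREFIX = "diagnose debug flow filter "

def parse_filter(cli_text):
    """Parse filter lines into {field: (value, negated)} (hypothetical helper)."""
    values, negated = {}, set()
    for line in cli_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # not a filter line (e.g. 'diagnose debug enable')
        words = line[len(PREFIX):].split()
        if len(words) != 2:
            raise ValueError(f"unsupported filter line: {line!r}")
        key, arg = words
        if key == "negate":
            negated.add(arg)  # order-independent: applied after parsing
        elif key == "addr":
            values["addr"] = ipaddress.ip_address(arg)
        elif key == "proto":
            values["proto"] = int(arg)
        else:
            raise ValueError(f"field not modelled here: {key!r}")
    if negated - values.keys():
        raise ValueError("negate refers to a field with no value set")
    return {k: (v, k in negated) for k, v in values.items()}

def is_traced(flt, src, dst, proto):
    """Return True if the modelled filter selects this packet."""
    for field, (value, negated) in flt.items():
        if field == "addr":  # assumption: matches source OR destination
            hit = value in (ipaddress.ip_address(src), ipaddress.ip_address(dst))
        else:  # proto: IP protocol number (1 = ICMP)
            hit = proto == value
        if hit == negated:  # a plain miss, or a hit on a negated criterion
            return False
    return True

if __name__ == "__main__":
    flt = parse_filter(ARTICLE_FILTER)
    # Constructed sample packets: (source, destination, IP protocol number).
    for pkt in [("10.0.0.5", "1.1.1.1", 1), ("10.0.0.5", "8.8.8.8", 1),
                ("8.8.8.8", "10.0.0.5", 1), ("10.0.0.5", "1.1.1.1", 6)]:
        print(pkt, "traced" if is_traced(flt, *pkt) else "not traced")
```

In this model the TCP packet is not traced either, because the 'proto 1' line still limits the trace to ICMP; only the address criterion is inverted.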

 

Related articles:

Debugging packet flow - FortiGate Cookbook.

Troubleshooting Tip: Enable Policy Trace in Debug Flow.

Troubleshooting Tip: First steps to troubleshoot connectivity.