Fortigate 'Capture packets' in policy screen

Forum|Forum|11 years ago
May 5, 2015
1 reply
25101 views

I see this "Capture packets" option while defining policies. How do I use it?

Christopher_McMullan

Staff

The feature causes the FortiGate to log a capture file for each session matching the policy

.I haven't had to test the feature to see where the capture files end up. I think from memory that the log entry for a session should contain a link to the local (or remote) location of the file for download and local viewing.

HueyAuthor

New Member

That sounds correct, I read somewhere that it goes to the logs. I've been checking under Log and report -> Traffic log -> Sniffer traffic, but theres nothing there and the rule I enabled "Capture packets" on has been getting hits. Not sure where else to look. We have FortiAnalyzer setup and the Fortigate is logging to it as well. I dont see anywhere on FortiAnalyzer that the captured data would show up tho.

HueyAuthor

New Member

Bumping this thread. Running 5.4.2 and cant find where to display/download the captured packets still.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded