View blocked connection attempts

Question

Sorry this is probably an easy answer by Iâ€™m just getting my feet wet with the Fortigate devices (60â€™s & 80â€™s)    Iâ€™m trying to view the actual blocked connection attempts coming into our wan1 (external) interface â€“ just basic blocked connections where thereâ€™s no policy setup to allow the connection attempt through.  Weâ€™ve got a couple services setup for our roaming users out there and their IPâ€™s change every once in a while.  I need to see these connection attempts being blocked once their public IPâ€™s change â€“ not quite sure how to do that on the Fortigate 80 though.  Iâ€™m assuming command line and maybe a debug, but Iâ€™m not finding it in any manual or google search.    Thanks for any info!

dlya · Answer

Take a sniffer trace as per the following examples when running a constant ping (or TCP connection) from PC1 to PC2. This will answer the following questions: - Is traffic arriving to the FortiGate and does it arrive on the expected port? - Is the ARP resolution correct for the targeted next-hop? - Is the traffic exiting the FortiGate to the destination? - Is the traffic sent back to the source? FGT# diagnose sniffer packet any " host or host " 4 or FGT# diagnose sniffer packet any " (host or host ) and icmp" 4 Including the ARP protocol in the filter may be useful to troubleshoot a failure in the ARP resolution (for instance PC2 may be down and not responding to the FortiGate ARP requests) FGT# diagnose sniffer packet any " host or host or arp" 4 To stop the sniffer, type CTRL+C. With verbosity 4 above, the sniffer trace will display the port names where traffic ingresses/egresses.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded