1. To run a debug flow in FortiGate GUI, go to Network -> Diagnostics and select the Debug Flow tab.
   
   
2. By default, the number of packets is 100, maximum is 1000.
   
   
3. Enable the filter, and there will be two filter types.
   
   
4. For filter types 'Basic', it is possible to filter by IP address, Port, and Protocol.
   
   
5. For filter types 'Advanced', it is possible to filter by Source IP, Source port, Destination IP, Destination port, and Protocol.
   
   
6. Once the filter has been configured, select 'Start debug flow' to start the debug. The debug messages are visible in real-time.
   
   
7. It is possible to stop the debug flow by selecting 'Stop debug flow' or wait for it run until number of packets that had define.
   
   
8. It is possible to save the output in CSV format.
   
   
9. The output can be filtered by 'Time', 'Message', and 'Function field'.

To run the debug flow in the Firewall CLI, use the following command:

diagnose debug reset
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug flow filter saddr x.x.x.x <- Source IP

diagnose debug flow filter daddr y.y.y.y <- Destination IP

diagnose debug flow filter port zzz
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 1000
diagnose debug enable

To stop the debug, run the following command:

diagnose debug disable

diagnose debug reset

Note: These are the different filters that can be configured in the packet flow over the CLI console:

For more detailed information, check this guide: Technical Tip: Using filters to review traffic traversing the FortiGate 

Related document:

Embed real-time debug flow tool on Diagnostics page

Note: By default duration is 30 minutes, if it is desired to increase or decrease the time, refer to the article below:

Technical Tip: Changing debug duration