FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to negate command in debug flow works.
Scope
FortiGate
Solution
As everyone is aware of the debug commands which is used on Fortigate CLI to understand the packet flow.
Assume that the user is looking to capture the debug for all sources except the IP 8.8.8.8, one can run the below-mentioned CLI commands.
# diag deb reset # diag deb disable # diag deb flow filter addr 8.8.8.8 # diag deb flow filter proto 1 # diag deb flow filter negate addr # diag deb fl trace start 999 # diag deb fl sh fun en # diag deb en
After running the commands if any traffic flows through the FortiGate one would be able to see the output but not for the address 8.8.8.8, In other words, exclude the 8.8.8.8 from the debug.
