akumarr
Staff
Article Id 202114
Description This article describes how the 'negate' command in debug flow works.
Scope FortiGate.
Solution

The negate property can be used to exclude an IP address from debug logs. For example, to capture the debug for all sources except the IP 8.8.8.8, run the following commands:


diag deb reset
diag deb disable
diag deb flow filter addr 8.8.8.8
diag deb flow filter proto 1
diag deb flow filter negate addr
diag deb fl trace start 999
diag deb fl sh fun en
diag deb en

 

After running the commands, debug output appears for traffic flowing through the FortiGate that matches the remaining filter (protocol 1, ICMP), but not for the address 8.8.8.8. In other words, 8.8.8.8 is excluded from the debug.
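
An offline counterpart to the negate filter, for debug flow output that was already saved without it (an added example, not part of the original article and not Fortinet code). The sample lines are constructed in the style of debug flow output, and the function name exclude_addr is hypothetical. Only the packet-detail line of a trace carries addresses, so the exclusion has to be applied per trace_id rather than per line.

```python
import re

# Constructed sample in the style of debug flow output (not captured from a device).
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.1.1.5:1->8.8.8.8:2048) from port2. type=8, code=0, id=1, seq=0."
id=20085 trace_id=1 func=init_ip_session_common line=5666 msg="allocate a new session-0000a1b2"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.1.1.5:1->1.1.1.1:2048) from port2. type=8, code=0, id=1, seq=0."
id=20085 trace_id=2 func=init_ip_session_common line=5666 msg="allocate a new session-0000a1b3"
id=20085 trace_id=3 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 8.8.8.8:1->10.1.1.5:0) from wan1. type=0, code=0, id=1, seq=0."
'''

TRACE = re.compile(r"\btrace_id=(\d+)\b")
# Only the packet-detail line of a trace carries protocol and addresses.
PKT = re.compile(r"packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\)")


def exclude_addr(text, addr, proto=None):
    """Return the lines of every trace that does not involve addr
    (as source or destination) and, if proto is given, matches proto."""
    lines = text.splitlines()
    endpoints = {}  # trace_id -> (proto, src, dst)
    for line in lines:
        t, p = TRACE.search(line), PKT.search(line)
        if t and p:
            endpoints.setdefault(
                t.group(1), (int(p.group(1)), p.group(2), p.group(3))
            )
    kept = []
    for line in lines:
        t = TRACE.search(line)
        if not t or t.group(1) not in endpoints:
            continue  # no packet-detail line seen: cannot classify, so drop
        pkt_proto, src, dst = endpoints[t.group(1)]
        if addr in (src, dst):
            continue  # the excluded address, in either direction
        if proto is not None and pkt_proto != proto:
            continue  # the positive protocol filter still applies
        kept.append(line)
    return kept


if __name__ == "__main__":
    for kept_line in exclude_addr(SAMPLE, "8.8.8.8", proto=1):
        print(kept_line)
```
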

 

Related articles:

Debugging packet flow - FortiGate Cookbook.

Troubleshooting Tip: Enable Policy Trace in Debug Flow.

Troubleshooting Tip: First steps to troubleshoot connectivity.