FortiGate
Article Id 202114
Description This article describes how the 'negate' command in debug flow works.
Scope FortiGate.
Solution

The negate property can be used to exclude an IP address from the debug flow output. For example, to capture the debug for all sources except the IP 8.8.8.8, run the following commands:


diagnose debug reset
diagnose debug disable
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter proto 1
diagnose debug flow filter negate addr
diagnose debug flow trace start 999
diagnose debug flow show function-name enable
diagnose debug enable

 

To stop the debug:

diagnose debug disable
diagnose debug reset

 

After running the commands, the debug output shows traffic flowing through the FortiGate, but nothing for the address 8.8.8.8. In other words, 8.8.8.8 is excluded from the debug.
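The following Python sketch is an added example, not Fortinet code or part of the original article. It models how the filter above selects packets, so the effect of 'negate addr' can be checked against sample traffic before a trace is read. It assumes that all configured criteria must match, that 'addr' matches the IP as either source or destination, and that 'negate' inverts only the named criterion; the names Packet, FlowFilter and traced_samples are hypothetical.

```python
# Simplified model (an assumption, not Fortinet code) of how debug flow
# filter criteria combine: every configured criterion must match, and a
# negated criterion has its result inverted.
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int  # IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP


@dataclass
class FlowFilter:
    addr: Optional[str] = None    # diagnose debug flow filter addr <ip>
    proto: Optional[int] = None   # diagnose debug flow filter proto <n>
    negate: set = field(default_factory=set)  # diagnose debug flow filter negate <criterion>

    def traced(self, pkt: Packet) -> bool:
        checks = {}
        if self.addr is not None:
            target = ip_address(self.addr)
            # Assumption: 'addr' matches the IP as either source or destination.
            checks["addr"] = target in (ip_address(pkt.src), ip_address(pkt.dst))
        if self.proto is not None:
            checks["proto"] = pkt.proto == self.proto
        # Invert only the criteria listed in 'negate', then AND everything.
        return all(hit != (name in self.negate) for name, hit in checks.items())


# The filter from the article: addr 8.8.8.8, proto 1, negate addr.
ARTICLE_FILTER = FlowFilter(addr="8.8.8.8", proto=1, negate={"addr"})

# Constructed sample packets (not captured traffic).
SAMPLES = [
    Packet("10.0.0.5", "8.8.8.8", 1),   # ICMP to the excluded address
    Packet("8.8.8.8", "10.0.0.5", 1),   # ICMP reply from the excluded address
    Packet("10.0.0.5", "1.1.1.1", 1),   # ICMP to another host
    Packet("10.0.0.5", "1.1.1.1", 6),   # TCP to another host
]


def traced_samples(flt=ARTICLE_FILTER, packets=SAMPLES):
    """Return the packets that the modelled filter would trace."""
    return [p for p in packets if flt.traced(p)]


if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "traced" if ARTICLE_FILTER.traced(p) else "not traced")
```

In this model the TCP packet is not traced either, because the 'proto 1' criterion is not negated and still limits the trace to ICMP.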

 

Related articles:

Debugging packet flow - FortiGate Cookbook.

Troubleshooting Tip: Enable Policy Trace in Debug Flow.

Troubleshooting Tip: First steps to troubleshoot connectivity.