akumarr
Staff
Article Id 202114
Description: This article describes how the 'negate' command in debug flow works.
Scope: FortiGate.
Solution

The negate property can be used to exclude an IP address from debug logs. For example, to capture the debug for all sources except the IP 8.8.8.8, run the following commands (the filter in this example also limits the trace to protocol 1, ICMP):


diagnose debug reset
diagnose debug disable
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow filter proto 1
diagnose debug flow filter negate addr
diagnose debug flow trace start 999
diagnose debug flow show function-name enable
diagnose debug enable

To stop the debug:

diagnose debug disable
diagnose debug reset

After running the commands, any traffic that flows through the FortiGate appears in the debug output, except traffic for the address 8.8.8.8. In other words, 8.8.8.8 is excluded from the debug.
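One way to confirm from a saved debug session that the negate filter took effect, as an added example that is not part of the original article or Fortinet's tooling. It assumes the usual "received a packet(proto=..., src:port->dst:port)" trace line shape; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Assumed shape of a debug-flow packet-header line (not taken from the article).
PKT_RE = re.compile(
    r'trace_id=(?P<trace>\d+).*?received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[0-9.]+):\d+->(?P<dst>[0-9.]+):\d+\)'
)

# Constructed sample output: ICMP echo to 1.1.1.1 and its reply.
SAMPLE_OUTPUT = '''\
id=65308 trace_id=1 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.1.1.20:1->1.1.1.1:2048) from port2. type=8, code=0, id=1, seq=1."
id=65308 trace_id=1 func=init_ip_session_common line=6076 msg="allocate a new session-0001a2b3"
id=65308 trace_id=2 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 1.1.1.1:1->10.1.1.20:0) from port1. type=0, code=0, id=1, seq=1."
'''

# Constructed line that should NOT appear when 8.8.8.8 is negated.
LEAKY_LINE = 'id=65308 trace_id=3 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.1.1.20:1->8.8.8.8:2048) from port2. type=8, code=0, id=1, seq=2."\n'


def parse_packets(text):
    """Yield (trace_id, proto, src, dst) for each packet-header line."""
    for line in text.splitlines():
        m = PKT_RE.search(line)
        if m:
            yield (int(m["trace"]), int(m["proto"]),
                   ip_address(m["src"]), ip_address(m["dst"]))


def check_negate(text, excluded="8.8.8.8", proto=1):
    """Return (trace_id, reason) for traces the article's filter should have suppressed."""
    excluded = ip_address(excluded)
    problems = []
    for trace, p, src, dst in parse_packets(text):
        # Assumption: the addr filter matches either direction, so check both ends.
        if excluded in (src, dst):
            problems.append((trace, f"excluded address {excluded} was traced"))
        if p != proto:
            problems.append((trace, f"proto {p} traced, expected {proto}"))
    return problems


if __name__ == "__main__":
    print(check_negate(SAMPLE_OUTPUT))
    print(check_negate(SAMPLE_OUTPUT + LEAKY_LINE))
```

An empty result means no trace in the capture involved the excluded address or a protocol other than the one filtered.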

 

Related articles:

Debugging packet flow - FortiGate Cookbook.

Troubleshooting Tip: Enable Policy Trace in Debug Flow.

Troubleshooting Tip: First steps to troubleshoot connectivity.