Created on 04-12-2022 02:38 PM Edited on 04-12-2022 02:40 PM By Anonymous
Description
This document illustrates the steps to capture debug flow via the GUI in FortiOS 7.2.0.
Scope
FortiGate 7.2.0
Solution
1). Navigate to Network -> Diagnostics -> Debug Flow and toggle the Filters to on:
Basic: Provides the option to filter by IP address, Port, and Protocol. In the CLI, this corresponds to the following commands:
# diag deb flow filter addr <IP_addr/range>
# diag deb flow filter port <port/range>
# diag deb flow filter proto <protocol>
Advanced: Provides the option to filter by Source IP, Source port, Destination IP, Destination port, and Protocol. In the CLI, this corresponds to the following commands:
# diag deb flow filter saddr <source_IP/range>
# diag deb flow filter sport <port/range>
# diag deb flow filter daddr <destination_IP/range>
# diag deb flow filter dport <port/range>
# diag deb flow filter proto <protocol>
3). Fill in the required information in the filter and start the debug flow. It is not necessary to fill in every field. Any field left blank will be set to any:
4). FortiGate will run a live capture on the user’s traffic that matches the filter and the result will be displayed on the screen:
5). The output can be exported to a CSV file for further investigation and analysis:
6). The following is an example of the output in CSV. The file can be uploaded to a support ticket for further investigation: