FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

This article describes how to run IPS engine debug on 6.4 and later firmware versions.


FortiGate v6.4.

FortiGate v7.0.


The old '# diag debug application ipsmonitor -1' command is now obsolete and no longer shows very useful data.


Do not use it unless specifically requested.


Here is how to debug the IPS engine in 6.4 or later:


# diag ips debug enable ?
    init              init
    packet            packet
    packet_detail     packet_detail
    ************      *****
    all               all


Select the appropriate categories to filter the output, or select 'all'. For example, to debug SSL inspection and the protocol dissector:



# diagnose ips debug enable ssl
# diagnose ips debug enable dissector
# diagnose debug enable

In a production environment, run this debug only during low-traffic hours, especially if 'all' is used, because of the CPU usage impact.


To set a source filter on the IPS engine so that only traffic from one particular source IP is debugged and less output is generated, run the command below (replace the filter string 'src' with the source address to match):


# diag ips filter set 'src'


Verify that the filter has been applied before enabling the debug; the filter string should appear in the status output, confirming that the logs will be filtered:


# diag ips filter status
debug level: 0
filter: "src"
process id: 0
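The steps above in one sequence, as an added example that is not part of the original article: the filter is set and verified first, so that the engine never runs unfiltered; the debug is then enabled for one category at a time, and everything is reset afterwards. Only the commands shown on this page plus the generic 'diagnose debug' controls are used; the IP address 10.1.1.50 and the choice of the 'packet' category are assumptions for illustration.

```fortios
# 1. Restrict the debug to one source host BEFORE enabling any debug output.
#    10.1.1.50 is an assumed client address; use the host you are troubleshooting.
diagnose ips filter set "src 10.1.1.50"

# 2. Confirm the filter is in place. The filter string must be echoed back here;
#    if it shows an empty filter, do not continue, or the engine will log every flow.
diagnose ips filter status

# 3. Optional safety net for production: timestamp each line and auto-stop the
#    debug after 10 minutes so a forgotten session cannot keep consuming CPU.
diagnose debug console timestamp enable
diagnose debug duration 10

# 4. Enable only the category you need (here 'packet'; 'all' is the heaviest).
diagnose ips debug enable packet

# 5. Start the debug output, reproduce the issue from 10.1.1.50, then stop.
diagnose debug enable
# ... reproduce the traffic ...
diagnose debug disable

# 6. Clean up: clear the IPS filter and reset all debug settings.
diagnose ips filter clear
diagnose debug reset
```

Running 'diagnose ips filter status' between steps 1 and 4 is the check that matters: the status output is the only confirmation that the filter took effect, and on a busy firewall enabling 'diagnose debug enable' without it can flood the console and raise CPU load.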