This article describes what basic set of outputs to collect, and how, for troubleshooting with TAC.
FortiWeb v6.4 and earlier
Follow the steps below.
- enable debug flow through the FWB CLI, log the output to a text file.
diag deb reset # to clear any already set debug diag deb flow filter flow-detail 4 diag deb flow filter client-ip <Client IP> diag deb flow filter server-ip <the FortiWeb VIP> diag deb flow trace start diag deb enable
- at the same time, start packet capture on the FortiWeb,
- option 1 (preferred), use GUI
System > Network > Packet Capture
- option 2 (when GUI access is not available), use CLI (through a different SSH session)
diag network sniffer packet any "port 443" 6
you can put ip to the filter list, eg.
diag network sniffer packet any "port 443 and host 10.1.1.1" 6'
2. Generate the outputs
- Initiate request from client and reproduce the issue
- in case you're using browser, clear the cache and restart it or use anonymous window before initiating the request.
- stop the packet capture (in CLI by pressing CTRL+C)
- disable the debug flow
diag deb flow trace stop diag deb disa
- download the pcap files from FortiWeb and zip them together with the debug flow output text file