FortiWeb
opetr_FTNT
Staff

Description

This article describes the basic set of outputs to collect, and how to collect them, for troubleshooting with TAC.

 

Scope:

FortiWeb v6.4 and earlier

 

Solution:

Follow the steps below.

 

1. Prepare 

- Enable debug flow through the FortiWeb (FWB) CLI and log the output to a text file:

diag deb reset # to clear any already set debug
diag deb flow filter flow-detail 4
diag deb flow filter client-ip <Client IP>
diag deb flow filter server-ip <the FortiWeb VIP>
diag deb flow trace start
diag deb enable

 

 

- At the same time, start packet captures on the FortiWeb:

  • one for the frontend connection (Client <-> FortiWeb)
  • one for the backend connection (FortiWeb <-> Server); if there are multiple backend servers, repeat this for each server

- Option 1 (preferred): use the GUI, under System > Network > Packet Capture.


- Option 2 (when GUI access is not available): use the CLI, through a different SSH session:

diag network sniffer packet any "port 443" 6

 

 

An IP address can be added to the filter, e.g.:

diag network sniffer packet any "port 443 and host 10.1.1.1" 6


2. Generate the outputs

- Initiate the request from the client and reproduce the issue.

- If you are using a browser, clear the cache and restart it, or use an anonymous window, before initiating the request.

 

3. Cleanup

- Stop the packet capture (in the CLI, by pressing CTRL+C).
- Disable the debug flow:


diag deb flow trace stop
diag deb disa

 

 

 

4. Collect

- Download the pcap files from the FortiWeb and zip them together with the debug flow output text file.
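
A workstation-side check for step 4, as an added example that is not part of the original article or Fortinet tooling: it verifies that the debug flow log is non-empty and that each capture starts with a pcap or pcapng magic number, then zips everything with a SHA-256 manifest. The function names, the file names and the SHA256SUMS.txt manifest are assumptions made for this example.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# First four bytes of a capture file: classic pcap (microsecond and nanosecond
# variants, either byte order) or a pcapng section header block.
CAPTURE_MAGICS = {bytes.fromhex(h) for h in
                  ("d4c3b2a1", "a1b2c3d4", "4d3cb2a1", "a1b23c4d", "0a0d0d0a")}

def is_capture(path):
    """True if the file starts with a pcap or pcapng magic number."""
    with open(path, "rb") as f:
        return f.read(4) in CAPTURE_MAGICS

def build_bundle(debug_log, pcaps, out_zip):
    """Check the collected files, then zip them with a SHA-256 manifest."""
    debug_log, pcaps = Path(debug_log), [Path(p) for p in pcaps]
    problems = []
    if not debug_log.is_file() or debug_log.stat().st_size == 0:
        problems.append(f"{debug_log.name}: debug flow log missing or empty")
    if len(pcaps) < 2:
        problems.append("need a frontend and at least one backend capture")
    for p in pcaps:
        if not p.is_file():
            problems.append(f"{p.name}: capture not found")
        elif not is_capture(p):
            problems.append(f"{p.name}: not a pcap/pcapng file")
    if problems:
        raise ValueError("; ".join(problems))
    manifest = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as z:
        for p in [debug_log, *pcaps]:
            manifest.append(f"{hashlib.sha256(p.read_bytes()).hexdigest()}  {p.name}")
            z.write(p, arcname=p.name)
        z.writestr("SHA256SUMS.txt", "\n".join(manifest) + "\n")
    return manifest

if __name__ == "__main__":
    # Constructed stand-ins for the real files; all names are hypothetical.
    d = Path(tempfile.mkdtemp())
    (d / "debugflow.txt").write_text("constructed debug flow output\n")
    for name in ("frontend.pcap", "backend.pcap"):
        (d / name).write_bytes(bytes.fromhex("d4c3b2a1") + bytes(20))
    for line in build_bundle(d / "debugflow.txt",
                             [d / "frontend.pcap", d / "backend.pcap"],
                             d / "tac_bundle.zip"):
        print(line)
```

Files are stored in the archive under their base names, so give each backend capture a distinct file name before bundling.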
