A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.


This article describes what basic set of outputs to collect, and how, for troubleshooting with TAC.



FortiWeb v6.4 and earlier



Follow the steps below.


1. Prepare 

- enable debug flow through the FWB CLI, log the output to a text file.



diag deb reset # to clear any already set debug
diag deb flow filter flow-detail 4
diag deb flow filter client-ip <Client IP>
diag deb flow filter server-ip <the FortiWeb VIP>
diag deb flow trace start
diag deb enable



- at the same time, start packet capture on the FortiWeb,

  • one for frontend connection (Client <-> FortiWeb)
  • and one for backend connection (FortiWeb <-> Server), in case there are multiple backend servers repeat this for each server

- option 1 (preferred), use GUI
System > Network > Packet Capture



- option 2 (when GUI access is not available), use CLI (through a different SSH session)



diag network sniffer packet any "port 443" 6



you can put ip to the filter list, eg.



diag network sniffer packet any "port 443 and host" 6'



2. Generate the outputs

- Initiate request from client and reproduce the issue

- in case you're using browser, clear the cache and restart it or use anonymous window before initiating the request.


3. Cleanup

- stop the packet capture (in CLI by pressing CTRL+C)
- disable the debug flow



diag deb flow trace stop
diag deb disa




4. Collect

- download the pcap files from FortiWeb and zip them together with the debug flow output text file