Huey
New Contributor III

Fortigate 'Capture packets' in policy screen

I see this "Capture packets" option while defining policies.  How do I use it?

Layer8 Consulting

http://www.L8C.com

 

Christopher_McMullan

The feature causes the FortiGate to log a capture file for each session matching the policy. I haven't had to test the feature to see where the capture files end up. I think from memory that the log entry for a session should contain a link to the local (or remote) location of the file for download and local viewing.

 

Regards, Chris McMullan Fortinet Ottawa

Huey

That sounds correct, I read somewhere that it goes to the logs.  I've been checking under Log and report -> Traffic log -> Sniffer traffic, but there's nothing there and the rule I enabled "Capture packets" on has been getting hits.  Not sure where else to look.  We have FortiAnalyzer set up and the FortiGate is logging to it as well.  I don't see anywhere on FortiAnalyzer that the captured data would show up though.

Layer8 Consulting

http://www.L8C.com

 

Huey
New Contributor III

Bumping this thread.  Running 5.4.2 and can't find where to display/download the captured packets still.

Layer8 Consulting

http://www.L8C.com

 

Carl_Wallmark
Valued Contributor

I tested enabling "Capture Traffic" inside one of my policies.

It shows up in the logs.

 

FortiGate 100D with 5.4.3

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Huey
New Contributor III

Ok.  Not seeing that on mine.  I am using FortiAnalyzer so that may have something to do with it...

Layer8 Consulting

http://www.L8C.com

 

PDG
New Contributor

Did you try it as described in the KB?

http://kb.fortinet.com/kb/documentLink.do?externalID=FD38914

This worked for me.

 

 

 

Huey
New Contributor III

Yes, those were the directions I followed.  May have something to do with running FortiAnalyzer but not sure.  I looked there as well but no love.

Layer8 Consulting

http://www.L8C.com

 
