Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
os1001
New Contributor

Debug Flow Not Working

Hi, we have a Fortigate 60C and recently updated to MR3 Patch5 (due to the Bug with the Microsoft Security Patch and SSL VPN we had no choice). After this it seems that the Debug Flow is not working anymore. I exectued it as always with: Diag Debug enable Diag Debug Flow Filter addr x.x.x.x Diag Debug Flow show console enable Diag Debug Flow show func enable Diag Debug Flow trace start 100 After this I did not see any output from the Filtered IP Address. Has anyone encoutered a similiar Problem? Regards, Oliver
4 REPLIES 4
emnoc
Esteemed Contributor III

Are you sure the filter address is active? To ensure it ( debug flow ) is working try something common or bulky in nature e.g diag debug flow filter proto 6 if that works, than it' s your filter address

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
os1001
New Contributor

Hi, yeah I' m sure. I did a trace on Proto 1 and see no Ping. I also disabled the filter at all and see nothing.
ed209
New Contributor

I have the same problem here, although I also reverted back to v4. MR3 Patch 1 and tried and it still doesnt work. Any ideas? Pretty annoying when you are trying to tshoot...
ed209
New Contributor

weird, just as I upgraded it back to Patch 5, it finally spat out the 100 diag debugs I requested earlier (was still using Patch 1, when it spat it out): id=36871 trace_id=97 msg=" Find an existing session, id-000006c7, original direction" id=36871 trace_id=97 msg=" enter fast path" id=36871 trace_id=97 msg=" SNAT 192.168.1.10->x.x.x.231:42051" id=36871 trace_id=98 msg=" vd-root received a packet(proto=6, 192.168.1.10:50383->x.x.x.75:80) from internal." id=36871 trace_id=98 msg=" Find an existing session, id-000006c7, original direction" id=36871 trace_id=98 msg=" enter fast path" id=36871 trace_id=98 msg=" SNAT 192.168.1.10->x.x.x.231:42051" id=36871 trace_id=99 msg=" vd-root received a packet(proto=6, 192.168.1.10:50380->x.x.x.179:80) from internal." id=36871 trace_id=99 msg=" Find an existing session, id-000006c5, original direction" id=36871 trace_id=99 msg=" enter fast path" id=36871 trace_id=99 msg=" SNAT 192.168.1.10->x.x.x.231:29760" id=36871 trace_id=100 msg=" vd-root received a packet(proto=6, 192.168.1.10:50398->x.x.x.48:80) from internal." id=36871 trace_id=100 msg=" Find an existing session, id-000006d2, original direction" id=36871 trace_id=100 msg=" enter fast path" id=36871 trace_id=100 msg=" SNAT 192.168.1.10->x.x.x.231:42066" write config file success, prepare to save in flash zip config file /data/./config/sys_vd_root.conf.gz success! Connection to 192.168.1.99 closed by remote host. Unfortunately, I still cannot run a diag debug successfully in patch 5...
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors