Is packet capture COMPLETELY unavailable on the fortigate unless you purchase the model that embeds an SSD?
Such as the 60F vs 61F.
This is a native feature available on practically all other firewalls and switches, whether or not they have dedicated storage. And when I refer to packet capture, it's where you choose the filter and logging parameters to log packets for troubleshooting etc. In my experience, it's usually a couple hundred rows that you really need, not GBs.
If not, can you add a USB stick to say the 60F and enable logging?
This would be in reference to the later firmware v7.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @kf6rat,
If you are referring to packet capture feature on the GUI > Network, it is available on all FortiGate models. The captured file will not be saved in the FortiGate storage. You need to download it right away.
If you are referring to packet capture under firewall policies, FortiGate must have a disk and logging must be enabled in the firewall policy. There is no option to save packet captures to a USB stick. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/680228/performing-a-sniffer-...
Regards,
Hello,
You may consider to use CLI sniffer. It is possible to convert text sniffer (verbosity 6) to wireshark .pcap file. Please find the details by following the link below:
I appreciate the idea, however it's not addressing the primary question with regards to the packet capture feature functionality. Thank you
@kf6rat
Packet Sniffer is available, despite of USB Stick or SSD. It is a build in functionality of FortiOS
On the other hand, GUI packet capture may not be available for some devices because of small amount of resources (RAM, CPU, disk)
From what we understand, you want to use Packet Capture GUI and do captures (which will save them in internal storage)
If that storage is shown in disk drive you can use it.
i.e you can go to log settings and check Local Log. If you find USB disk shown there, you may use your feature as you require.
Hi @kf6rat,
If you are referring to packet capture feature on the GUI > Network, it is available on all FortiGate models. The captured file will not be saved in the FortiGate storage. You need to download it right away.
If you are referring to packet capture under firewall policies, FortiGate must have a disk and logging must be enabled in the firewall policy. There is no option to save packet captures to a USB stick. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/680228/performing-a-sniffer-...
Regards,
Thank you @hbac. This is correct and I verified this on our ordered unit (60F). Thank you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1071 | |
751 | |
443 | |
219 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.