Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kf6rat
New Contributor

FortiGate Packet Capture on non embedded SSD (60F)

Is packet capture COMPLETELY unavailable on the fortigate unless you purchase the model that embeds an SSD?

Such as the 60F vs 61F.

This is a native feature available on practically all other firewalls and switches, whether or not they have dedicated storage. And when I refer to packet capture, it's where you choose the filter and logging parameters to log packets for troubleshooting etc. In my experience, it's usually a couple hundred rows that you really need, not GBs.

 

If not, can you add a USB stick to say the 60F and enable logging?

This would be in reference to the later firmware v7.

1 Solution
hbac
Staff
Staff

Hi @kf6rat,

 

If you are referring to packet capture feature on the GUI > Network, it is available on all FortiGate models. The captured file will not be saved in the FortiGate storage. You need to download it right away. 

 

If you are referring to packet capture under firewall policies, FortiGate must have a disk and logging must be enabled in the firewall policy. There is no option to save packet captures to a USB stick. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/680228/performing-a-sniffer-...

 

Regards, 

View solution in original post

5 REPLIES 5
abarushka
Staff
Staff

Hello,

 

You may consider to use CLI sniffer. It is possible to convert text sniffer (verbosity 6) to wireshark .pcap file. Please find the details by following the link below:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-import-diagnose-sniffer-packet-data...

FortiGate
kf6rat

I appreciate the idea, however it's not addressing the primary question with regards to the packet capture feature functionality. Thank you

xshkurti
Staff
Staff

@kf6rat 
Packet Sniffer is available, despite of USB Stick or SSD. It is a build in functionality of FortiOS
On the other hand, GUI packet capture may not be available for some devices because of small amount of resources (RAM, CPU, disk)

From what we understand, you want to use Packet Capture GUI and do captures (which will save them in internal storage)
If that storage is shown in disk drive you can use it.
i.e you can go to log settings and check Local Log. If you find USB disk shown there, you may use your feature as you require.

hbac
Staff
Staff

Hi @kf6rat,

 

If you are referring to packet capture feature on the GUI > Network, it is available on all FortiGate models. The captured file will not be saved in the FortiGate storage. You need to download it right away. 

 

If you are referring to packet capture under firewall policies, FortiGate must have a disk and logging must be enabled in the firewall policy. There is no option to save packet captures to a USB stick. https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/680228/performing-a-sniffer-...

 

Regards, 

kf6rat
New Contributor

Thank you @hbac. This is correct and I verified this on our ordered unit (60F). Thank you!Screenshot 2023-10-13 090140.png

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors