Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Huey
New Contributor III

Created on ‎05-05-2015 12:01 PM

Fortigate 'Capture packets' in policy screen

I see this "Capture packets" option while defining policies.  How do I use it?

Layer8 Consulting

http://www.L8C.com

 

Layer8 Consulting http://www.L8C.com
23363
0 Kudos
7 REPLIES 7
Christopher_McMullan
Staff
Staff

Created on ‎05-06-2015 07:31 AM

The feature causes the FortiGate to log a capture file for each session matching the policy

 

.I haven't had to test the feature to see where the capture files end up. I think from memory that the log entry for a session should contain a link to the local (or remote) location of the file for download and local viewing.

 

Regards, Chris McMullan Fortinet Ottawa

5830
0 Kudos
Huey
New Contributor III
In response to Christopher_McMullan

Created on ‎05-06-2015 07:49 AM

That sounds correct, I read somewhere that it goes to the logs.  I've been checking under Log and report -> Traffic log -> Sniffer traffic, but theres nothing there and the rule I enabled "Capture packets" on has been getting hits.  Not sure where else to look.  We have FortiAnalyzer setup and the Fortigate is logging to it as well.  I dont see anywhere on FortiAnalyzer that the captured data would show up tho.

Layer8 Consulting

http://www.L8C.com

 

Layer8 Consulting http://www.L8C.com
5830
0 Kudos
Huey
New Contributor III
In response to Huey

Created on ‎01-23-2017 06:35 AM

Bumping this thread.  Running 5.4.2 and cant find where to display/download the captured packets still.

Layer8 Consulting

http://www.L8C.com

 

Layer8 Consulting http://www.L8C.com
5830
0 Kudos
Carl_Wallmark
Valued Contributor
In response to Huey

Created on ‎01-23-2017 07:02 AM

I tested to enable "Capture Traffic" inside on of my policies.

It shows up in the logs.

 

FortiGate 100D with 5.4.3

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
capture.jpg
Preview file
175 KB
5830
0 Kudos
Huey
New Contributor III
In response to Carl_Wallmark

Created on ‎01-23-2017 07:19 AM

Ok.  Not seeing that on mine.  I am using FortiAnalyzer so that may have something to do with it...

Layer8 Consulting

http://www.L8C.com

 

Layer8 Consulting http://www.L8C.com
5830
0 Kudos
PDG
New Contributor
In response to Huey

Created on ‎01-23-2017 08:11 AM

Did you tried it like described in the KB?

http://kb.fortinet.com/kb/documentLink.do?externalID=FD38914

This worked for me.

 

 

 

5830
0 Kudos
Huey
New Contributor III
In response to PDG

Created on ‎01-23-2017 08:18 AM

Yes, those were the directions I followed.  May have something to do with running FortiAnalyzer but not sure.  I looked there as well but no love.

Layer8 Consulting

http://www.L8C.com

 

Layer8 Consulting http://www.L8C.com
5830
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.