Log messages when forwarding traffic

upsales-devops · ‎04-26-2024

We are using our FortiGate 200F as an internal LB for some requests against a service.

What we are wondering is if it's possible to log data when forwarding traffic?

We can see successful re-routes in the Forward Traffic logs, like source and destination, but we can not determine what requests that relate to what re-route, for troubleshooting.

Ex.

A service sends a POST request with headers and body to an IP and port of a Virtual server with Round Robin.

External IP Address/Range	10.0.10.100
External Service Port	2003
Real Servers	10.0.10.110:2003 10.0.10.111:2003 10.0.10.112:2003 10.0.10.113:2003 10.0.10.114:2003 10.0.10.115:2003 10.0.10.116:2003 10.0.10.117:2003

We need to be able to follow the request but are unable to determine what log relates to what request, and we get multiple requests a second.

Is there any way for FortiGate to log the data it re-routes?

AEK · ‎04-26-2024

If I understand well you are looking for packet capture, right?

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/462154/using-the-packet-capt...

AEK

upsales-devops · ‎04-26-2024

That looks about right, will test it out, thank you!

ebilcari · ‎04-26-2024

You can also use the diagnose commands:
FW # diagnose firewall vip
realserver Load balance real servers.
virtual-server Virtual-server diagnostics.

and for traffic sniffing:

diagnose sniffer packet any 'tcp and port 2003' 4 0 l

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

Log messages when forwarding traffic

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website