
What is the easiest way to see dropped packets?

Hi. I need to see the dropped packets in real time, to debug the FW rules. What is the best way to do so? Can I see it in the SSH interface? Will I be able to see it in the HTTPS interface of the next version? Syslog? Thanks.

I go to the rules for the source and destination interfaces I wish to monitor and add a final rule that always denies everything. Then I check the log function and I can then watch it in the traffic log.

Do you use a FortiLog device? I have only 2 FortiGates..

No, I just look at the logs in the web interface. I did have a syslog server running. And I had written a parser to send logs to dshield.org. But I kinda had to disable all that when we started getting tons of DDoS and portscans. It took only 6 hours to fill the hard disks of the fg3000 with logs of denied packets and attack logs.

Don't understand something. If a rule blocks, for example, port 80 traffic from port2 to port1, how can an all-all-DENY rule that comes afterwards show drops?

Oh, I guess it can't. Then I think you need to enable logging for each deny rule. The way I set up the firewall is that nothing is allowed and then I add rules for the specific ports/services that I want to allow.

If you have a syslog server, I think it's the best way. On a unix machine you can use "tail -f" and "grep" to help you in your debug. Buzzy
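
Building on the syslog suggestion above, the following is an added example (not part of any reply in this thread) that condenses a flood of deny lines into one count per source, destination and port, which helps when denied-packet logs grow as fast as described earlier. The key=value field names `action`, `srcip`, `dstip` and `dstport` and the sample lines are assumptions constructed for illustration; adjust them to what your firmware actually sends.

```shell
#!/bin/sh
# Added example, not from the thread. Field names (action, srcip, dstip,
# dstport) are assumptions; check them against your own syslog output.

# Read syslog lines on stdin and print "count srcip -> dstip:dstport" for
# every line whose action field is "deny", most frequent first.
summarize_denies() {
    awk '
    {
        split("", f)                      # clear fields from the previous line
        for (i = 1; i <= NF; i++) {       # collect key=value tokens
            eq = index($i, "=")
            if (eq == 0) continue         # plain syslog words (host, month)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)            # values may arrive quoted
            f[substr($i, 1, eq - 1)] = val
        }
        if (f["action"] != "deny") next   # keep dropped traffic only
        n[f["srcip"] " -> " f["dstip"] ":" f["dstport"]]++
    }
    END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges, invented host name).
sample_log() {
    cat <<'EOF'
Jan 10 12:00:01 fw1 type=traffic action=deny srcip=192.0.2.10 dstip=198.51.100.5 dstport=80
Jan 10 12:00:02 fw1 type=traffic action=accept srcip=192.0.2.11 dstip=198.51.100.5 dstport=443
Jan 10 12:00:03 fw1 type=traffic action=deny srcip=192.0.2.10 dstip=198.51.100.5 dstport=80
Jan 10 12:00:04 fw1 type=traffic action="deny" srcip=192.0.2.77 dstip=198.51.100.9 dstport=23
EOF
}

sample_log | summarize_denies
```

The summary is printed once the input ends, so feed it a saved log file or a bounded slice such as the output of `tail -n 5000`; for a live view, `tail -f` piped into `grep` as described above remains the simpler tool.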