I'm also interested in this function to test the traffic between two FortiGates. I see two interesting things:
the command "diag traffictest run" is like a script. It launches iperf two times, as you can see with this:
FW1_xxx_xx # diagnose traffictest show
FW1_xxx_xx # diagnose traffictest run (running in another CLI)
FW1_xxx_xx # fnsysctl ps
8931 0 0 R /bin/iperf -s -B xx.xx.xx.xx -m root -p 9999
8932 0 0 R /bin/iperf -c xx.xx.xx.xx -B yy.yy.yy.yy -m root -p 9999
You can see also that there is a listening connection on port 9999:
FW1_xxx_xx # diagnose sys tcpsock | grep 9999
xx.xx.xx.xx:9999->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
xx.xx.xx.xx:9999->yy.yy.yy.yy:5241->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
xx.xx.xx.xx:9999->yy.yy.yy.yy:19686->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=774144 tma=0
yy.yy.yy.yy:19686->xx.xx.xx.xx:9999->state=estabilshed err=0 sockflag=0x1 rma=0 wma=133120 fma=309248 tma=0
yy.yy.yy.yy:5241->xx.xx.xx.xx:9999->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
I tried to do the same command on another FortiGate with -c xx.xx.xx.xx, so it should connect to the other FortiGate's iperf. Diag sniffer confirms that traffic arrives at the server FortiGate, but the SYNs are dropped. Debug flow shows "iprope_check_failed", like when you are trying to manage the firewall but don't have trusted hosts or the management service enabled.
I also tried a firewall local-in policy to accept anything, with no result.
Some other ideas? :)
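The `diagnose sys tcpsock` output quoted in the post is a useful source for checking which sockets a FortiGate is actually listening on, for example to confirm that the iperf server spawned by `diagnose traffictest run` is really bound to port 9999 and to spot a listener that was left behind after a test. The following parser is an added example written for this post; it is not FortiOS code or anything from Fortinet. It parses the post's line format (`local:port->remote:port->state=... key=value ...`), keeps the `estabilshed` spelling exactly as the quoted output prints it, and compares the listening ports against a baseline of expected ports. The sample lines, the 443 listener and the baseline port set are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample modelled on the `diagnose sys tcpsock` lines quoted in the post.
# Addresses are anonymised the same way; the "estabilshed" spelling is copied from that
# output. The 443 listener is added here as a constructed "expected" admin socket.
SAMPLE_TCPSOCK = """\
xx.xx.xx.xx:9999->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
xx.xx.xx.xx:9999->yy.yy.yy.yy:5241->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
xx.xx.xx.xx:9999->yy.yy.yy.yy:19686->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=774144 tma=0
yy.yy.yy.yy:19686->xx.xx.xx.xx:9999->state=estabilshed err=0 sockflag=0x1 rma=0 wma=133120 fma=309248 tma=0
yy.yy.yy.yy:5241->xx.xx.xx.xx:9999->state=estabilshed err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
xx.xx.xx.xx:443->0.0.0.0:0->state=listen err=0 sockflag=0x1 rma=0 wma=0 fma=0 tma=0
"""

# One socket line: local ip:port -> remote ip:port -> state=... followed by key=value pairs.
LINE_RE = re.compile(
    r"^(?P<lip>[^:\s]+):(?P<lport>\d+)->(?P<rip>[^:\s]+):(?P<rport>\d+)->state=(?P<state>\S+)(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
NUM_RE = re.compile(r"0x[0-9a-fA-F]+|0|[1-9]\d*")

# Map the spelling used in the quoted output onto a normalised state name.
STATE_ALIASES = {"estabilshed": "established"}


@dataclass
class TcpSock:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str            # normalised: "listen", "established", ...
    fields: dict = field(default_factory=dict)  # err, sockflag, rma, wma, fma, tma


def parse_tcpsock(text: str) -> list[TcpSock]:
    """Parse `diagnose sys tcpsock` output; lines that don't match are skipped."""
    socks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for key, val in KV_RE.findall(m["rest"]):
            # int(val, 0) understands both decimal and the 0x-prefixed sockflag.
            fields[key] = int(val, 0) if NUM_RE.fullmatch(val) else val
        state = m["state"].lower()
        socks.append(TcpSock(m["lip"], int(m["lport"]), m["rip"], int(m["rport"]),
                             STATE_ALIASES.get(state, state), fields))
    return socks


def listeners(socks: list[TcpSock]) -> set[tuple[str, int]]:
    """(ip, port) pairs in state listen; a 0.0.0.0:0 remote is the listening socket."""
    return {(s.local_ip, s.local_port) for s in socks
            if s.state == "listen" and s.remote_port == 0}


def unexpected_listeners(socks: list[TcpSock], expected_ports: set[int]) -> list[tuple[str, int]]:
    """Listening sockets whose port is not in the expected baseline, e.g. a leftover iperf -s."""
    return sorted(l for l in listeners(socks) if l[1] not in expected_ports)


def server_side_peers(socks: list[TcpSock]) -> Counter:
    """Established connections accepted per local listening port (server side only)."""
    listen_ports = {port for _, port in listeners(socks)}
    return Counter(s.local_port for s in socks
                   if s.state == "established" and s.local_port in listen_ports)


if __name__ == "__main__":
    socks = parse_tcpsock(SAMPLE_TCPSOCK)
    baseline = {22, 443}  # constructed baseline of ports this unit is expected to listen on
    print("listening:", sorted(listeners(socks)))
    print("not in baseline:", unexpected_listeners(socks, baseline))
    print("accepted connections per listening port:", dict(server_side_peers(socks)))
```

Run against a saved copy of the real output (`diagnose sys tcpsock` pasted into a file) and the script reports which listening ports are outside your baseline; the iperf server on 9999 shows up while the test runs and should disappear once `diagnose traffictest` has finished, which is a quick way to confirm nothing was left bound after a test.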