Hi! On one hand, Fortinet warns "Packet capture can be very resource
intensive. To minimize the performance impact .. use packet capture only
during periods of minimal traffic ... and be sure to stop the command
when you are finished." But, on the ot...
Hi!FortiGate / FortiOS 7.0.0 FortiOS Release Notes introduces:677784Add
commands to debug traffic statistics for traffic monitor interfaces
(interface), interface traffic in real-time data (peek), and to dump
interface traffic history data (history):...
Hi!There seems to be a severe limitation with 'firewall local-in-policy'
as scalable substitute for 'system admin' limit of 10 trusthosts. Since
(a) 'firewall local-in-policy' cannot reference 'system admin user' as
allowed source; nor (b) 'system ad...
Hi!I wish to implement OSCP Stapling for some (not all) firewall
policies referencing a "firewall ssl-ssh-profile" with "inspect-all" set
to "deep-inspection". KB 198293 comments on "vpn certificate setting",
"vpn certificate ocsp-server" and notes "...
Hi!I created followed filtered IS, based on ISDB entry: fgt-1 # show
firewall internet-service-name is_Microsoft_Azure_China config firewall
internet-service-name edit "is_Microsoft_Azure_China" set type location
set internet-service-id 327786 set co...
@fernandezm_FTNT I have no doubt you know the subject, but this post - a
mishmash of GUI and CLI - is too hard to follow. The only mandatory
graphic: network/topology diagram - is missing, whilst the rest should
have been CLI alone. Additionally, "wh...
Hi @jiyong @jiyong wrote:Hi @AlexFerenX :To use the above debug, the
settings below must be enabled.config system interfaceedit mgmtset
monitor-bandwidth enableNo, that cannot be correct - I've done same, and
don't see any output: CENSORED (vdom-ext)...
Hi @AlexC-FTNT Every packet capture started in GUI
(Network/diagnostic/packet capture) starts a new process
"httpssnifferd", so you can see them with:diag sys process pidof
httpsnifferorfnsysctl ps (this will give some more information about the
pack...
Hi @jiyong ,> Please open a FortiCare ticket to check and provide
details about this feature. These are typical response from Fortinet
Support for non-fault Tickets:"Why do you need it?""What are you trying
to achieve?""What is current problem?"to wh...
Hi @jiyong ,> I think it is expressed in bytes, but I think I need to
look for more information.this is the reason for this forum question
(not because I cannot press "?" after typing "diagnose debug
traffic").The key omission is "introduces ... with...
