Description
Restricting the built-in Sniffer to a GRE interface is not supported prior to FortiOS v5.4.5 and FortiOS v5.6.
With the GRE tunnel configured as follows, running the sniffer on the tunnel interface "toFG1" captures nothing and the CLI returns to the prompt:
config system gre-tunnel
edit "toFG1"
set interface "port1"
set remote-gw 198.51.100.1
set local-gw 203.0.113.2
next
end
FG2 # diagnose sniffer packet toFG1 'icmp' 4
interfaces=[toFG1]
filters=[icmp]
FG2 #
Scope
This restriction no longer applies as of FortiOS 5.4.5 and FortiOS 5.6.
Starting from the above FortiOS versions, it is possible to restrict the built-in sniffer to GRE interfaces.
Solution
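On versions where the restriction applies, the packet capture must be done on the interface "any", with a filter that matches both GRE (IP protocol 47) and the inner traffic: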
FG2 # diagnose sniffer packet any 'ip proto 47 or icmp' 4
interfaces=[any]
filters=[ip proto 47 or icmp]
6.885829 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
6.885841 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
6.885926 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
6.885931 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
7.896868 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
7.896878 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
7.896906 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
7.896910 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
8.906681 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
8.906693 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
8.906728 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
8.906732 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
9.916754 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
9.916764 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
9.916790 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
9.916794 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
10.926697 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
10.926709 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
10.926743 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
10.926748 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
20 packets received by filter
0 packets dropped by kernel
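The capture above interleaves each outer GRE packet on port1 with its inner ICMP packet on toFG1. As an added example (not part of the original article), this Python code parses that output format and pairs outer with inner packets, so a GRE packet that was never decapsulated stands out. The function names, the 1 ms pairing window and the sample text are assumptions made for the example.

```python
import re

# Constructed sample: the first round trip in the format shown above,
# plus one trailing GRE packet with no inner packet (to show a mismatch).
SAMPLE = """\
interfaces=[any]
filters=[ip proto 47 or icmp]
6.885829 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
6.885841 toFG1 in 10.1.1.254 -> 10.2.2.254: icmp: echo request
6.885926 toFG1 out 10.2.2.254 -> 10.1.1.254: icmp: echo reply
6.885931 port1 out 203.0.113.2 -> 198.51.100.1: gre: length 88 proto-800
7.896868 port1 in 198.51.100.1 -> 203.0.113.2: gre: length 88 proto-800
"""

# timestamp, interface, direction, src -> dst, protocol keyword, remaining detail
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):\s+(?P<proto>\w+):\s*(?P<info>.*)$")

def parse(text):
    """Return one dict per packet line; header and summary lines are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            p = m.groupdict()
            p["ts"] = float(p["ts"])
            pkts.append(p)
    return pkts

def correlate(pkts, tunnel, window=0.001):
    """Pair each GRE packet with the inner packet on `tunnel` in the same direction.
    Inbound: GRE arrives first, then the decapsulated packet. Outbound: the reverse.
    Returns (pairs, unmatched); unmatched holds packets left without a partner."""
    pairs, pending = [], []
    for p in pkts:
        is_outer = p["proto"] == "gre"
        if not is_outer and p["iface"] != tunnel:
            continue  # non-GRE traffic on other interfaces is not tunnel payload
        # Partner: pending packet of the other kind, same direction, close in time.
        hit = next((q for q in pending
                    if q["dir"] == p["dir"] and (q["proto"] == "gre") != is_outer
                    and p["ts"] - q["ts"] <= window), None)
        if hit:
            pending.remove(hit)
            pairs.append((hit, p))
        else:
            pending.append(p)
    return pairs, pending
```

An unmatched inbound GRE packet means the outer packet reached the physical port but no payload appeared on the tunnel interface, which is the point to check the tunnel's remote-gw and local-gw settings.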
Related Articles
Technical Note : Configuring and verifying a GRE tunnel between two FortiGates (static routing)