FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
zromano
Staff
Article Id 200603
Description: This article describes how the 'and', 'or' and 'not' operators can be used when filtering for an address in the debug flow.
Solution

It is possible to filter for two specific addresses by writing the two IP addresses and adding the 'and' operator at the end of the command.
This is the syntax:


FORTIGATE # diagnose debug flow filter addr 10.254.0.100 8.8.8.8 and


The filter can be checked by running this command:


FORTIGATE # diagnose debug flow filter
vf: any
proto: any
host addr: 10.254.0.100 and 8.8.8.8
Host saddr: any
Host daddr: any
port: any
sport: any
dport: any


Notice that the filter is now for the IP addresses '10.254.0.100 and 8.8.8.8'.


It is possible to use the 'or' operator in the same way:


FORTIGATE # diagnose debug flow filter addr 10.254.0.100 8.8.8.8 or

FORTIGATE # diagnose debug flow filter
vf: any
proto: any
host addr: 10.254.0.100 or 8.8.8.8
Host saddr: any
Host daddr: any
port: any
sport: any
dport: any


It is possible to filter for a range of IP addresses by writing two IP addresses (the starting and ending address, in ascending order):


FORTIGATE # diagnose debug flow filter addr 10.254.0.0 10.254.0.150

FORTIGATE # diagnose debug flow filter
vf: any
proto: any
host addr: 10.254.0.0-10.254.0.150
Host saddr: any
Host daddr: any
port: any
sport: any
dport: any


It is also possible to exclude a range by writing the two IP addresses in descending order:


FORTIGATE # diagnose debug flow filter addr 10.254.0.10 10.254.0.0

FORTIGATE # diagnose debug flow filter
vf: any
proto: any
host addr: not in 10.254.0.0-10.254.0.10
Host saddr: any
Host daddr: any
port: any
sport: any
dport: any


Notice the 'not in' in the filter above: traffic to or from that range is excluded from the debug flow output.
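The following Python script is an added example, not Fortinet code and not part of this article. It models the four filter forms shown above so that the effect of a filter can be reasoned about offline before the debug flow is enabled on a production firewall. It reproduces the 'host addr:' value the CLI prints for a given set of arguments (ascending pair gives a range, descending pair gives 'not in', a trailing 'and'/'or' gives that operator) and then applies the filter to a few constructed packets. The matching rule is an assumption, not stated on the page: the 'addr' filter is taken to be evaluated against both the source and the destination address of a packet, so 'A and B' requires both addresses to be endpoints of the packet, while 'A or B' requires at least one of them.

```python
"""Offline model of the 'host addr' filter forms shown in this article.

Added example, not Fortinet code. Two things are modelled:
  1. how the CLI renders the arguments of
     'diagnose debug flow filter addr A B [and|or]' (ascending pair -> range,
     descending pair -> 'not in' range, trailing and/or -> that operator);
  2. which packets such a filter would select.
Assumption (not stated on the page): the 'addr' filter is evaluated against
both the source and destination address of a packet, so 'A and B' requires
both addresses to be endpoints and 'A or B' requires at least one of them.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def render_host_addr(args: str) -> str:
    """Reproduce the 'host addr:' value the CLI prints for the given args.

    args is the tail of the command, e.g. '10.254.0.100 8.8.8.8 and'.
    """
    tokens = args.split()
    if len(tokens) == 1:
        return str(ipaddress.ip_address(tokens[0]))
    a, b = ipaddress.ip_address(tokens[0]), ipaddress.ip_address(tokens[1])
    if len(tokens) == 3:
        if tokens[2] not in ("and", "or"):
            raise ValueError(f"unknown operator {tokens[2]!r}")
        return f"{a} {tokens[2]} {b}"
    if a <= b:                      # ascending: include the range
        return f"{a}-{b}"
    return f"not in {b}-{a}"        # descending: exclude the range


def parse_host_addr(line: str):
    """Parse a 'host addr: ...' line (as printed by the CLI) into (kind, operands)."""
    value = line.split(":", 1)[1].strip()
    if value == "any":
        return "any", ()
    m = re.fullmatch(r"not in (\S+)-(\S+)", value)
    if m:
        return "not_in", (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
    m = re.fullmatch(r"(\S+)-(\S+)", value)
    if m:
        return "range", (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
    m = re.fullmatch(r"(\S+) (and|or) (\S+)", value)
    if m:
        return m[2], (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3]))
    return "single", (ipaddress.ip_address(value),)


def matches(filter_line: str, pkt: Packet) -> bool:
    """True if the packet would be selected by the given 'host addr' filter."""
    kind, ops = parse_host_addr(filter_line)
    ends = {ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)}
    if kind == "any":
        return True
    if kind in ("single", "or"):   # any operand on either end of the packet
        return bool(set(ops) & ends)
    if kind == "and":              # both operands must be endpoints
        return set(ops) <= ends
    lo, hi = ops                   # 'range' or 'not_in'
    in_range = any(lo <= a <= hi for a in ends)
    return in_range if kind == "range" else not in_range


def select(filter_line: str, packets: List[Packet]) -> List[Packet]:
    """Packets from the given list that the filter would show."""
    return [p for p in packets if matches(filter_line, p)]


# Constructed sample traffic (not from the article).
SAMPLE = [
    Packet("10.254.0.100", "8.8.8.8"),
    Packet("10.254.0.100", "1.1.1.1"),
    Packet("10.254.0.120", "1.1.1.1"),
    Packet("10.254.0.5", "1.1.1.1"),
    Packet("10.254.0.200", "1.1.1.1"),
]

if __name__ == "__main__":
    for args in ("10.254.0.100 8.8.8.8 and", "10.254.0.100 8.8.8.8 or",
                 "10.254.0.0 10.254.0.150", "10.254.0.10 10.254.0.0"):
        line = "host addr: " + render_host_addr(args)
        print(f"{args:28} -> {line}")
        for p in select(line, SAMPLE):
            print(f"    {p.src} -> {p.dst}")
```

Run it as a script to see which of the sample packets each of the article's four filters keeps; with the 'and' filter only the 10.254.0.100 <-> 8.8.8.8 packet survives, whereas 'or' also keeps the 10.254.0.100 -> 1.1.1.1 packet, which is the practical difference between the two operators when narrowing a noisy debug flow.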