Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Created on ‎11-01-2022 04:59 AM

Debug command - unable to understand meanings

Hi All,

I want to understand the meaning of following commands, Can anyone make me understand.

What I have understood below commands -

 

diagnose debug enable (enable debug)
diagnose debug flow trace start (In order to start debug packet)
diagnose debug flow trace stop (To stop debug output)
diagnose debug flow filter addr 203.160.224.97 (I think 203.160.224.97 is the source address from where traffic is initiating)
diagnose debug flow show function-name enable ( Not able to understand this command)
diagnose debug flow trace start 100 (Debug output packet would be 100 as per my thinking)

diagnose debug flow trace stop  (In order to stop debug output)

 

Thank you

Labels:
358
0 Kudos
1 REPLY 1
bpozdena_FTNT
Staff
Staff

Created on ‎11-01-2022 07:00 AM

Hi Umesh,

 

your understanding is correct. Just note that `flow filter addr 203.160.224.97` will show flow debug for packets with source or destination IP 203.160.224.97. You can use `flow filter saddr` or `flow filter daddr` to specify the direction. 

 

The bellow two slides might help understand some more details about the outputs. 

 

bpozdena_FTNT_1-1667310864411.png

 

bpozdena_FTNT_0-1667310777047.png

 

HTH,
Boris
350
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.