The feature causes the FortiGate to log a capture file for each session matching the policy
.I haven't had to test the feature to see where the capture files end up. I think from memory that the log entry for a session should contain a link to the local (or remote) location of the file for download and local viewing.
That sounds correct, I read somewhere that it goes to the logs. I've been checking under Log and report -> Traffic log -> Sniffer traffic, but theres nothing there and the rule I enabled "Capture packets" on has been getting hits. Not sure where else to look. We have FortiAnalyzer setup and the Fortigate is logging to it as well. I dont see anywhere on FortiAnalyzer that the captured data would show up tho.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.