Administration Guide

System utility

Go to System > Utility to employ various system utilities.

FortiGuard query

Go to System > Utility > FortiGuard Query to manually query the FortiGuard antispam service by entering an IP address, a URL, or the hash value of an email message.

For more detailed information, see Manually querying FortiGuard antispam service.

Traffic capture

When troubleshooting networks, it helps to look inside the contents of the packets. This helps to determine if the packets, route, and destination are all what you expect. Traffic capture can also be called packet sniffing, a network tap, or logic analyzing.

Packet sniffing tells you what is happening on the network at a low level. This can be very useful for troubleshooting problems, such as:

  • finding missing traffic
  • seeing if sessions are setting up properly
  • locating ARP problems such as broadcast storm sources and causes
  • confirming which address a computer is using on the network if they have multiple addresses or are on multiple networks
  • confirming routing is working as you expect
  • tracking down intermittently missing ping packets.

If you are running a constant-traffic application such as ping, packet sniffing can tell you whether the traffic is reaching the destination, how the packets enter and exit the FortiMail unit, whether ARP resolution is correct, and whether the traffic is returning to the source as expected. You can also use packet sniffing to verify that NAT or other configuration is translating addresses or routing traffic the way you want it to.

Before you start sniffing packets, you need to have a good idea of what you are looking for. Sniffing is used to confirm or deny your ideas about what is happening on the network. If you try sniffing without a plan to narrow your search, you could end up with too much data to effectively analyze. On the other hand, you need to sniff enough packets to really understand all of the patterns and behavior that you are looking for.

To capture the traffic
  1. Go to System > Utility > Traffic Capture.
  2. Click New.
  3. Enter a description for the file generated from the captured traffic.
  4. Enter the time period for performing the packet capture.
  5. Specify the interface on which you want to capture.
  6. If you want to limit the scope of the traffic capture, in the IP/HOST field enter a maximum of 3 IP addresses or host names for which you want to capture traffic.
  7. Select the filter for the traffic capture:
  • Use protocol: Only UDP or TCP traffic on the specified port number will be captured.
  • Capture all: All network traffic will be captured.
  8. For Exclusion, enter the IP addresses/host names and port numbers for which you do not want to capture traffic.
  9. Click Create.
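Two of the troubleshooting goals listed above, finding missing traffic and seeing whether sessions are setting up properly, come down to matching each TCP SYN in the capture with the SYN-ACK that should answer it. The script below is an added example for this guide, not FortiMail code or output. It assumes the downloaded capture is a classic libpcap file containing Ethernet frames (link type 1), which is what tcpdump and Wireshark write; the sample capture embedded at the bottom is constructed in the script so that it runs offline. The file layout parsed here is the documented libpcap format, and the 10.0.0.0/8 and 192.0.2.0/24 addresses are placeholders.

```python
"""Summarise TCP session setup from a libpcap capture (added example, not FortiMail code).

Assumes a classic libpcap file (magic 0xa1b2c3d4) with Ethernet frames.
Only IPv4/TCP is decoded; other frames are skipped.
"""
import struct

SYN, ACK = 0x02, 0x10


def parse_pcap(data: bytes):
    """Yield (timestamp, raw_frame) for every record in a libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # file written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24                         # global header is 24 bytes
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame: bytes):
    """Return (src_ip, sport, dst_ip, dport, tcp_flags), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                    # IP protocol TCP
        return None
    ip = frame[14:14 + ihl]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, sport, dst, dport, tcp[13]


def session_report(pcap: bytes):
    """Map each client->server 4-tuple to 'established' or 'unanswered'."""
    state = {}
    for _ts, frame in parse_pcap(pcap):
        pkt = decode_tcp(frame)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        if flags & SYN and not flags & ACK:               # client SYN
            state.setdefault((src, sport, dst, dport), "unanswered")
        elif flags & SYN and flags & ACK:                 # server SYN-ACK
            key = (dst, dport, src, sport)                # reverse direction
            if key in state:
                state[key] = "established"
    return state


# --- constructed sample capture (placeholder addresses, not real traffic) ---
def _frame(src, sport, dst, dport, flags):
    """Build a minimal Ethernet/IPv4/TCP frame with no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip_src, ip_dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_CAPTURE = _pcap([
    _frame("10.0.0.5", 40001, "192.0.2.25", 25, SYN),
    _frame("192.0.2.25", 25, "10.0.0.5", 40001, SYN | ACK),
    _frame("10.0.0.5", 40001, "192.0.2.25", 25, ACK),
    _frame("10.0.0.5", 40002, "192.0.2.80", 443, SYN),    # never answered
    _frame("10.0.0.5", 40002, "192.0.2.80", 443, SYN),    # retransmit
])

if __name__ == "__main__":
    for (src, sport, dst, dport), verdict in session_report(SAMPLE_CAPTURE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {verdict}")
```

Run it against a real download by replacing SAMPLE_CAPTURE with the file contents (open(path, "rb").read()). An "unanswered" verdict for a host you expect to reach is the missing-traffic case: capture on both interfaces the flow should traverse to see whether the SYN left the unit and whether the reply ever came back.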
Regular expression validator

Go to System > Utility > Regex Validator to validate regular expressions and test them against sample text.

Message file converter

Go to System > Utility > Msg Converter to convert .msg files to .eml files. Since .msg is used only by Outlook, you can use the converter to allow other email programs to work with the .msg file content once it is converted to the more universal .eml format.

Because FortiMail could not scan the content of a .msg attachment, a sender could use the Outlook .msg format to hide malicious links from email attachment inspection; converting the file to .eml exposes its content for review.

Trace log

If Fortinet technical support requests a trace log for system analysis purposes, you can download one using the web UI.

Trace logs are compressed into an archive (.gz) and contain information that is supplementary to debug-level log files.

To download a trace file
  1. Go to System > Utility > Trace Log.
  2. At the bottom of the tab, click Download Trace Log.
