Fortinet black logo

New Features

Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2

Copy Link
Copy Doc ID 722c6141-8e83-11ec-9fd1-fa163e15d75b:404857
Download PDF

Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2

FortiManager can perform packet capture on managed FortiGate interfaces and trigger packet capture on the managed FortiSwitches when traffic-sniffer has been configured. The captured file can be saved and downloaded as .pcap file for further analysis.

Packet Capture in the Device manager
To perform a packet capture on managed FortiGate interfaces:
  1. In Device Manager, select a FortiGate and go to System > Interface.
  2. Select an interface, click More > Packet Capture.
  3. You can configure the Max Number of Packets and/or Filters, and click OK to start the packet capture.
  4. Select Graph, Headers, or Packet Data to view details of the packet.
Packet Capture in the FortiSwitch Manager
To perform a packet capture on managed FortiSwitch devices:
  1. In the FortiGate CLI, configure the switch-controller traffic-sniffer setting.
    For example:

    config switch-controller traffic-sniffer

    set mode rspan

    config target-mac

    edit 00:0c:29:1a:2b:3c

    set description "ABC123"

    next

    end

    config target-ip

    edit 192.168.11.11

    set description "ABC123IP"

    next

    end

    config target-port

    edit "S000DN4K15000050"

    set description "ABC123switch"

    set out-ports "port1"

    next

    end

  2. After the FortiGate has been added in FortiManager, go to FortiSwitch Manager, select a FortiSwitch device, right-click and select Diagnostics and Tools.
  3. When the FortiSwitch is not configured in switch-controller traffic-sniffer, the Packet Capture tab will not be displayed.
  4. When the FortiSwitch is configured in switch-controller traffic-sniffer, the Packet Capture tab is shown.
  5. You can configure the Max Number of Packets and/or Filters, and click Start Capture to begin capturing packets.
  6. Select Graph, Headers or Packet Data to view details of the packet.


  7. When user stops packet capturing, the captured packets can be saved into a .pcap file.

Perform packet capture on managed FortiGate interfaces and on managed FortiSwitches 7.2.2

FortiManager can perform packet capture on managed FortiGate interfaces and trigger packet capture on the managed FortiSwitches when traffic-sniffer has been configured. The captured file can be saved and downloaded as .pcap file for further analysis.

Packet Capture in the Device manager
To perform a packet capture on managed FortiGate interfaces:
  1. In Device Manager, select a FortiGate and go to System > Interface.
  2. Select an interface, click More > Packet Capture.
  3. You can configure the Max Number of Packets and/or Filters, and click OK to start the packet capture.
  4. Select Graph, Headers, or Packet Data to view details of the packet.
Packet Capture in the FortiSwitch Manager
To perform a packet capture on managed FortiSwitch devices:
  1. In the FortiGate CLI, configure the switch-controller traffic-sniffer setting.
    For example:

    config switch-controller traffic-sniffer

    set mode rspan

    config target-mac

    edit 00:0c:29:1a:2b:3c

    set description "ABC123"

    next

    end

    config target-ip

    edit 192.168.11.11

    set description "ABC123IP"

    next

    end

    config target-port

    edit "S000DN4K15000050"

    set description "ABC123switch"

    set out-ports "port1"

    next

    end

  2. After the FortiGate has been added in FortiManager, go to FortiSwitch Manager, select a FortiSwitch device, right-click and select Diagnostics and Tools.
  3. When the FortiSwitch is not configured in switch-controller traffic-sniffer, the Packet Capture tab will not be displayed.
  4. When the FortiSwitch is configured in switch-controller traffic-sniffer, the Packet Capture tab is shown.
  5. You can configure the Max Number of Packets and/or Filters, and click Start Capture to begin capturing packets.
  6. Select Graph, Headers or Packet Data to view details of the packet.


  7. When user stops packet capturing, the captured packets can be saved into a .pcap file.