Use these commands to generate only packet flow debug logs that match your filter criteria, such as a specific destination IP address. You can also use these commands to delete the packet flow debug log filter, so that all packet flow debug logs are generated.
Before you can see any debug logs, you must first enable debug log output using the debug command.
To use this command, your administrator account’s access control profile requires only r permission in any profile area. For details, see Permissions.
diagnose debug flow filter reset
diagnose debug flow filter client-ip <source_ipv4 | source_ipv6>
diagnose debug flow filter server-ip <destination_ipv4 | destination_ipv6>
Enter the source (
Note: This filter operates at the IP layer, not the HTTP layer.
If a load balancer or other web proxy is deployed in front of FortiWeb, and therefore all connections for HTTP requests appear to originate from this IP address, configuring this filter will have no effect.
Similarly, if multiple clients share an Internet connection via NAT or explicit web proxy, configuring this filter will only isolate connections that share this IP address. It will not be able to filter out a single client based on individual HTTP sessions from that IP.
Enter the destination (
This will generate only packet flow debug log messages involving that server IP address.
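A session that limits packet flow debug output to a single back-end server, shown as an added example rather than text from this page. The address 192.0.2.10 is a constructed value, and the diagnose debug enable/disable and diagnose debug flow trace start/stop commands are assumed from the wider FortiWeb CLI; they are not described on this page.

```text
diagnose debug flow filter reset
diagnose debug flow filter server-ip 192.0.2.10
diagnose debug enable
diagnose debug flow trace start
diagnose debug flow trace stop
diagnose debug flow filter reset
diagnose debug disable
```

The reset at the start clears any filter left over from an earlier session, and the reset at the end ensures a later trace is not silently limited to the old address.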