00:00
>> In this video, you will learn how to use
00:00
packet capture to monitor
00:00
traffic passing through your FortiGate.
00:00
Intercepting and capturing packets
00:00
can be a useful troubleshooting tool,
00:00
allowing you to analyze traffic in detail.
00:00
You can easily create customized packet filters and run
00:00
them whenever you need in-depth
00:00
information about your traffic.
00:00
Open the FortiGate interface and go to System, Network,
00:00
Packet Capture to create a new filter.
00:00
The simplest filter that you can create captures
00:00
a number of packets that
00:00
pass through a selected interface.
00:00
Select an interface, enter a number,
00:00
and save your filter.
00:00
Create another filter and select "Enable Filters".
00:00
You can monitor an interface for all packets that have
00:00
a source or destination within a certain IP range,
00:00
by entering that IP range as the host.
00:00
Save your filter and create another.
00:00
For this one, set the port to port 80 and
00:00
443 to capture all HTTP and HTTPS packets
00:00
sent through the interface.
00:00
Create one more filter and enter 132 as
00:00
the protocol to capture
00:00
all SCTP packets that
00:00
pass through the selected interface.
00:00
Running multiple packet capture filters at
00:00
once can affect your FortiGate unit's performance.
00:00
Select the play icon on
00:00
your filters to start them capturing packets.
00:00
Once the maximum number of packets has been reached,
00:00
the filter will stop collecting them.
00:00
You can stop and restart them at
00:00
any time, and you can download the saved PCAP files,
00:00
which can be opened with a PCAP file viewer.
00:00
Thank you for watching.
00:00
If you need further details,
00:00
you can visit docs.fortinet.com
00:00
to access our complete documentation library.
00:00
Also check out our new cookbook site at
00:00
cookbook.fortinet.com for more tutorials like this one.