Packet capture on a FortiGate firewall using both CLI and GUI methods. This practical guide covers filters, commands, troubleshooting tips, and FAQs for beginners and network engineers.
Packet capture is one of the most powerful troubleshooting tools available on a FortiGate firewall. Whether you are diagnosing connectivity issues, inspecting dropped traffic, or analyzing application behavior, knowing how to take a packet capture on a FortiGate firewall is essential for every network and security professional.
In this blog, you’ll learn two proven methods:
- Packet capture using the CLI (Command Line Interface)
- Packet capture using the GUI (Graphical User Interface)
Each method is explained clearly with examples, best practices, and common mistakes to avoid.
Packet Capture Using CLI:
First, take a packet capture using the FortiGate packet sniffer. After that, convert the sniffer output into a PCAP file using the fgt2eth tool so it can be easily opened and analyzed in Wireshark.
diagnose sniffer packet <interface> '<filter>' <verbosity> <count> <timestamp>
| Parameter | Description |
| --- | --- |
| Interface | Network interface (e.g., any, port1, port2 etc.) |
| Filter | Traffic filter (BPF format) |
| Verbosity | Detail level (1–6) |
| Count | Number of packets (0 = unlimited) |
| Timestamp | Show timestamps (0 or 1) |
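
To show what the conversion step described above involves, here is an added example (not from the original post, and not the fgt2eth tool itself) that parses sniffer hex-dump text and builds a PCAP file from it. It assumes output taken at verbosity 3 or 6 on a single Ethernet interface with relative timestamps; the sample text, the output file name, and the names `parse_sniffer` and `to_pcap` are constructed for illustration.

```python
import re
import struct

# Constructed sample in the layout assumed for verbosity 3/6 output: a summary
# line with a relative timestamp, then "0x<offset>  <hex words>  <ASCII>" rows.
SAMPLE = """\
1.500000 port1 in 192.0.2.10.51000 -> 198.51.100.5.443: syn 1000
0x0000   0009 0f09 0001 0009 0f89 2914 0800 4500        ..........)...E.
0x0010   0028 0001 0000 4006 8e8c c000 020a c633        .(....@........3
0x0020   6405 c738 01bb 0000 03e8 0000 0000 5002        d..8..........P.
0x0030   7210 0000 0000                                 r.....

2.250000 port1 in arp who-has 192.0.2.1 tell 192.0.2.10
0x0000   ffff ffff ffff 0009 0f89 2914 0806 0001        ..........).....
0x0010   0800 0604 0001 0009 0f89 2914 c000 020a        ..........).....
0x0020   0000 0000 0000 c000 0201                       ..........
"""

HEADER = re.compile(r"^(\d+)\.(\d{6})\s")
# Offset, then at most eight single-space-separated groups; the wider gap
# before the ASCII column ends the match, so ASCII text is never read as hex.
HEXROW = re.compile(r"^0x[0-9a-f]{4}\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?){1,8})")

def parse_sniffer(text):
    """Return [(sec, usec, frame_bytes), ...] for each dumped packet."""
    packets, ts, buf = [], (0, 0), bytearray()
    for line in text.splitlines():
        row = HEXROW.match(line)
        if row:
            buf += bytes.fromhex(row.group(1))
            continue
        if buf:  # any non-hex line closes the frame being assembled
            packets.append((*ts, bytes(buf)))
            buf = bytearray()
        if head := HEADER.match(line):
            ts = (int(head.group(1)), int(head.group(2)))
    if buf:
        packets.append((*ts, bytes(buf)))
    return packets

def to_pcap(packets, linktype=1):  # classic libpcap; 1 = LINKTYPE_ETHERNET
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, frame in packets:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("capture.pcap", "wb") as fh:
        fh.write(to_pcap(parse_sniffer(SAMPLE)))
```

Lower verbosity levels do not dump the Ethernet header, so frames rebuilt from them would not decode under this link type.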

