Many people with smaller units have noticed that in the latest versions (5.4+) the PCAP link is gone. This video shows you how to get to that page so that you can run packet captures from the GUI. Not everyone is as comfortable with the CLI as they would like to be, and this is a good shortcut for those who need it when troubleshooting their FortiGate.
PCAP was hidden but still available on our 3960E with 5.6.3, but no longer on 6.0.1.
Shane
I just upgraded a 60E to 6.0.5 and the Packet Capture option appears in the GUI and works properly. I have seen it come and go through various firmware revisions. It initially worked in 5.4.4 but resulted in the 403 error in 5.4.6. I upgraded from 5.4.6 to 6.0.5 using the recommended upgrade path and confirmed that it returned in 6.0.5.
Tried on my FWF60D running 5.4.7 and it doesn’t work. Getting “Error 403: Access denied.” displayed in the GUI itself.
https://86.24.X.X/ng/page/p/firewall/sniffer/
Any ideas?
Thanks,
Interesting. Will load 5.4.7 on my FWF61E and see if it works. Would hate for them to remove it completely from the later builds.
Hi Augustas,
Check if your FortiGate unit has an integrated HDD; I guess that having the HDD is a precondition for packet capture to work.
Yeah, otherwise you have to output via CLI and hope the buffer can keep up (bigger environments will lose packets once it overruns the buffer, which can cause you to lose important information).
Verified to work on a 61E running 5.6.3.
Thank you for the site, Mike. Keep up the great work!
Glad to hear you were able to get it working!
I just found this site (fortinetguru.com) and loving it too! Keep up the work Mike!
I have a FW80CM unit running 5.6.3 and I get the 403 error code “Access denied” as mentioned above.
Any suggestions?
Reuben,
They yanked it on the later versions of code. Of course, they re-add it on the 6.0 firmware! (with the link and all)
Not true for 6.0.1 here on an SSD-less FG.
The diskless ones have nowhere to store the pcaps. It doesn’t work or show at all on them.
Soooo what is the solution now? Should I buy an SSD and install it myself? Or is there really no way to block/reserve some small amount of RAM and when that fills up just stop capturing? Or just post a warning message before?
Hello, it does not work in version 5.6 with VDOM:
https://1.1.1.1/ng/page/p/firewall/sniffer/1?vdom=NAME
https://1.1.1.1/ng/page/p/firewall/sniffer/?vdom=NAME
Error 403: Access denied.