FGT # diagnose debug flow filter daddr <dst_server_ip>
FGT # diagnose debug flow show console enable
FGT # diagnose debug enable
FGT # diagnose debug flow trace start 1000
id=36870 trace_id=400 msg="vd-root received a packet(proto=17, 192.168.3.20:1470-><dns_server_ip>:53) from to_client."
id=36870 trace_id=400 msg="allocate a new session-00002a55"
id=36870 trace_id=400 msg="find a route: gw-172.16.0.254 via to_server"
id=36870 trace_id=400 msg="find SNAT: IP-172.16.0.100, port-36150"
id=36870 trace_id=400 msg="Denied by end point ip filter check"
Once the test is complete, the debug outputs should be disabled by using the commands:
# diag debug flow trace stop
# diag debug reset
# diag debug disable
FGT # diagnose debug flow show console enable
FGT # diagnose debug enable
FGT # diagnose debug flow trace start 1000
id=36870 trace_id=400 msg="vd-root received a packet(proto=17, 192.168.3.20:1470-><dns_server_ip>:53) from to_client."
id=36870 trace_id=400 msg="allocate a new session-00002a55"
id=36870 trace_id=400 msg="find a route: gw-172.16.0.254 via to_server"
id=36870 trace_id=400 msg="find SNAT: IP-172.16.0.100, port-36150"
id=36870 trace_id=400 msg="Denied by end point ip filter check"
Once the test is complete, the debug outputs should be disabled by using the commands:
# diag debug flow trace stop
# diag debug reset
# diag debug disable