View the exhibit:
The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:
What should be done next to troubleshoot the problem?
A. Run a sniffer in the web server.
B. Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
C. Capture the traffic using an external sniffer connected to port1.
D. Execute a debug flow.
Without doubt D
The capture has been made on all the interfaces, "any".
We see the traffic on port 3, but we don't see outgoing traffic on port 1. At this stage, we know that the firewall drops the packet, but WHY!!
Solution => debug flow
Fantastic. What will debug flow offer though? Will this show if the traffic exits port 1? Otherwise I would think the next thing is to check the web server to see if the packet gets to it, and why it's not responding.
Exactly!
Debug flow tells us nothing! We need to find the reason why the server is not sending the SYN/ACK packet, and this can be done only on the server itself.
OK, I am wrong, we don't see packets coming out of the FW on port1, so debug is correct.
D is correct, see FortiGate_Infrastructure_6.2_Study_Guide-Online.pdf page 383
D
Step 1: Routing table check (in NAT mode)
Step 2: Verify if services are opened (if access to the FortiGate)
Step 3: Sniffer trace
Step 4: Debug flow
Step 5: Session list
The correct answer is D
D