Wednesday, July 16, 2008

Packet Capture for non-Admin Users

Any user on the FortiGate platform used to be able to capture traffic on the ANY interface using:

diag sniffer packet any

In FortiOS 3.0 MR6, Fortinet has imposed some restrictions. The admin user can still use this syntax. However, any non-admin user must now specify an interface to capture traffic on, as in the following examples:

diag sniffer packet wan1
diag sniffer packet internal

Trying to capture traffic using the ANY interface results in the following error if you are not the admin user:

diag sniffer packet any
No permission to sniff on interface any
Command fail. Return code -37

