This article describes how to create packet capture at the policy level.
Scope
FortiGate.
Solution
This guide shows how to create an automated packet capture.
It is possible to enable packet capture on the firewall policy using the below command:
When a firewall policy with packet capture enabled is matched, FortiGate automatically begins capturing packets.
To download it, select the logs, then select details.
Select Archived Data, then select the download button.
This can be helpful when capturing traffic that cannot be generated on demand.