From 9fa4fb490ce55f5beb5f650d25ec00bd0263da7e Mon Sep 17 00:00:00 2001
From: Yuri Slobodyanyuk <yuri@yurisk.info>
Date: Sun, 13 Mar 2022 17:59:15 +0200
Subject: [PATCH] Added policy lookup to FGT debug

---
 .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc         | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
index 73d03f3..fe418de 100644
--- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
+++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
@@ -27,7 +27,8 @@ NOTE: All debug will run for 30 minutes by default, to increase use `diagnose de
 |*diagnose firewall iprope lookup <src IP> <src port> <dst IP> <dst port>
 <IANA protocol number> <src interface>*
 |Policy lookup for any combination of IPs and ports - use to see what policy (if
-any) matches traffic between specific IP addresses and ports.
+any) matches traffic between specific IP addresses and ports. E.g. `dia firewall
+iprope 10.10.10.1 34567 8.8.8.8 443 6 LAN1`
 
 |*diagnose debug flow filter*
 |Show the active filter for the flow debug