From cdfe2623c4dbe5f7d00194d8ed1d2c3d88ae0acf Mon Sep 17 00:00:00 2001
From: Yuri Slobodyanyuk <yuri@yurisk.info>
Date: Sun, 13 Mar 2022 17:55:18 +0200
Subject: [PATCH] Added policy lookup to FGT debug

---
 .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc       | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
index c7a6070..a894941 100644
--- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
+++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
@@ -24,6 +24,11 @@ NOTE: All debug will run for 30 minutes by default, to increase use `diagnose de
 |Command
 |Description
 
+|*diagnose firewall iprope lookup <src IP> <src port> <dst IP> <dst port>
+<protocol IANA protocol number> <src interface>*
+|Policy lookup for any combination of IPs and ports - use to see what policy (if
+any) matches traffic between specific IP addresses and ports.
+
 |*diagnose debug flow filter*
 |Show the active filter for the flow debug