Troubleshooting Tip: How to check traffic flow on FortiExtender
Description
This article describes the steps to check the traffic flow on the FortiExtender.
Scope
KB Article Type - Design
Related Products - FortiExtender
Related Software Versions - All S/W versions
Keywords – FortiExtender, Traffic flow
Solution
Traffic initiated from the FortiGate can be traced on the FortiExtender from the shell mode as below.
This article describes the steps to check the traffic flow on the FortiExtender.
Scope
KB Article Type - Design
Related Products - FortiExtender
Related Software Versions - All S/W versions
Keywords – FortiExtender, Traffic flow
Solution
Traffic initiated from the FortiGate can be traced on the FortiExtender from the shell mode as below.
# execute telnet 20.20.20.2
Trying 20.20.20.2...
Connected to 20.20.20.2.
FXET login: admin
FXET # execute shell
~ # ifconfig <------------- To verify the interfaces available on the FEXT
eth0 Link encap:Ethernet HWaddr 00:E0:FC:55:55:55
inet6 addr: fe80::2e0:fcff:fe55:5555/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2181262 errors:0 dropped:0 overruns:0 frame:0
TX packets:2176437 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:345176350 (329.1 MiB) TX bytes:299681782 (285.7 MiB)
Interrupt:120
eth1 Link encap:UNSPEC HWaddr D6-C0-CE-13-6E-08-00-00-00-00-00-00-00-00-00-00
inet addr:100.68.104.31 Bcast:100.68.104.63 Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3504 errors:0 dropped:0 overruns:0 frame:0
TX packets:3895 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:610996 (596.6 KiB) TX bytes:711336 (694.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:840 (840.0 B) TX bytes:840 (840.0 B)
nas1 Link encap:Ethernet HWaddr 70:4C:A5:E7:CC:7C
inet addr:20.20.20.2 Bcast:20.20.20.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:fcff:fe55:5555/64 Scope:Link
inet6 addr: 2008::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2181262 errors:0 dropped:0 overruns:0 frame:0
TX packets:2176428 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:305913634 (291.7 MiB) TX bytes:289418612 (276.0 MiB)
nas1.10 Link encap:Ethernet HWaddr 70:4C:A5:E7:CC:7C
inet6 addr: fe80::724c:a5ff:fee7:cc7c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6209 errors:0 dropped:0 overruns:0 frame:0
TX packets:2512 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1194141 (1.1 MiB) TX bytes:790942 (772.4 KiB)
~ # iptables -t raw –L <----------- To verify the routing table on the FEXT
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere socket
FEXT2 all -- anywhere anywhere lanif=nas1.10 wanif=eth1 lan_mode=ETHERNET_MODE wan_mode=ETHERNET_MODEip=100.68.104.31 netmask=255.255.255.192 gw=100.68.104.32 dns1=172.30.139.16 dns2=172.31.139.16 fext_ssh_port=0 fext_https_port=0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
~ # ifconfig nas1.10 <------------ Traffic gateway is nas1.10 interface in this example
nas1.10 Link encap:Ethernet HWaddr 70:4C:A5:E7:CC:7C
inet6 addr: fe80::724c:a5ff:fee7:cc7c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6209 errors:0 dropped:0 overruns:0 frame:0
TX packets:2512 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1194141 (1.1 MiB) TX bytes:790942 (772.4 KiB)
############# Open another Putty session for FortiGate and execute ping 8.8.8.8, then run tcpdump -i nas1.10.
############# if the result below appears, then the traffic is routed via FEXT-VLAN.
~ # tcpdump -i nas1.10 <------------- Collecting TCP DUMP on the gateway interface
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on nas1.10, link-type EN10MB (Ethernet), capture size 262144 bytes
17:00:05.380712 ARP, Request who-has 100.68.104.32 tell 100.68.104.31, length 42
17:00:05.383911 ARP, Reply 100.68.104.32 is-at 70:4c:a5:e7:cc:7c (oui Unknown), length 42
17:00:05.385977 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3584, seq 0, length 64
17:00:05.589579 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3584, seq 0, length 64
17:00:06.370871 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3584, seq 1, length 64
17:00:06.426465 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3584, seq 1, length 64
17:00:07.370879 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3584, seq 2, length 64
17:00:07.427318 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3584, seq 2, length 64
17:00:08.370890 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3584, seq 3, length 64
17:00:08.426194 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3584, seq 3, length 64
17:00:09.370881 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3584, seq 4, length 64
17:00:09.425959 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3584, seq 4, length 64
17:00:12.315508 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3840, seq 0, length 64
17:00:12.365688 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3840, seq 0, length 64
17:00:13.311001 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3840, seq 1, length 64
17:00:14.310897 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3840, seq 2, length 64
17:00:15.310916 IP 100.68.104.31 > 8.8.8.8: ICMP echo request, id 3840, seq 3, length 64
17:00:15.375068 IP 8.8.8.8 > 100.68.104.31: ICMP echo reply, id 3840, seq 3, length 64
^C
18 packets captured
18 packets received by filter
0 packets dropped by kernel
~ # exit