Technical Tip: How to check incoming and outgoing interface based on session output
| Description | This article describes how to check the actual incoming and outgoing interfaces based on index values in session output. |
| Scope | FortiGate. |
| Solution | The website 'firewallgeeks.com', which resolves to '92.249.44.124', is accessed, and the incoming and outgoing interfaces are identified from the index values shown in the session list output.
Replication: Access the website 'firewallgeeks.com' from an internal machine, which creates a session on the firewall.
Execute the following commands to filter sessions associated with the website:
diagnose sys session filter clear                 <---- Clear any existing session filter.
diagnose sys session filter dst 92.249.44.124     <---- Website IP.
diagnose sys session list
Once these commands are entered, the session output is limited to the session matching the filter; the relevant field is the one highlighted in the output.
Here 'dev' refers to the interface index:
Traffic comes in on index 6 and goes out on index 3, and reply traffic comes in on index 3 and goes out on index 6. Execute 'diagnose net interface list' to find out which interfaces these index values refer to:
if=port4 family=00 type=1 index=6 mtu=1500 link=0 master=0 ref=41 state=start present fw_flags=0 flags=up broadcast run multicast
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0 ref=77 state=start present fw_flags=8000000 flags=up broadcast run multicast
So from this output, the traffic comes in on port4 and goes out on port1, and the reply traffic comes in on port1 and goes out on port4. With the interfaces identified, the firewall policy can be matched against the corresponding source and destination interfaces to allow the traffic. |
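The index-to-name lookup described above, as an added example rather than anything from the article or from Fortinet: it parses the two 'diagnose net interface list' lines quoted in the article, then resolves the indexes from a session entry's 'dev' field. The session entry is constructed, and the 'dev=A->B/C->D' layout (original direction / reply direction) is an assumption about the session list format.

```python
import re

# The two 'diagnose net interface list' lines quoted in the article;
# only the if= and index= fields are used here.
INTERFACE_LIST = """\
if=port4 family=00 type=1 index=6 mtu=1500 link=0 master=0 ref=41 state=start present fw_flags=0 flags=up broadcast run multicast
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0 ref=77 state=start present fw_flags=8000000 flags=up broadcast run multicast
"""

# Constructed session entry. The dev=A->B/C->D field is assumed to carry
# original-direction indexes (A->B) and reply-direction indexes (C->D).
SESSION_ENTRY = """\
session info: proto=6 proto_state=01 duration=5 expire=3595 timeout=3600
hook=post dir=org act=snat 10.0.0.10:51234->92.249.44.124:443(203.0.113.1:51234)
hook=pre dir=reply act=dnat 92.249.44.124:443->203.0.113.1:51234(10.0.0.10:51234)
dev=6->3/3->6 gwy=203.0.113.254/10.0.0.10
"""


def parse_interface_index(text):
    """Build {index: interface name} from 'diagnose net interface list' output."""
    table = {}
    for line in text.splitlines():
        m = re.search(r"\bif=(\S+).*?\bindex=(\d+)", line)
        if m:
            table[int(m.group(2))] = m.group(1)
    return table


def resolve_session_devices(session_text, index_table):
    """Return (in, out, reply_in, reply_out) interface names for one session."""
    m = re.search(r"\bdev=(\d+)->(\d+)/(\d+)->(\d+)", session_text)
    if not m:
        raise ValueError("no dev= field found in session entry")
    indexes = [int(x) for x in m.groups()]
    # An index missing from the table (e.g. interface list captured on a
    # different unit) is reported explicitly instead of being mislabelled.
    return tuple(index_table.get(i, f"index {i}") for i in indexes)


if __name__ == "__main__":
    table = parse_interface_index(INTERFACE_LIST)
    o_in, o_out, r_in, r_out = resolve_session_devices(SESSION_ENTRY, table)
    print(f"original: {o_in} -> {o_out}; reply: {r_in} -> {r_out}")
```

The printed result for the constructed session is "original: port4 -> port1; reply: port1 -> port4", matching the walkthrough above.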
