Staff

Technical Tip: How to find the VDOM index

Forum|Forum|16 years ago
April 28, 2010
0 replies
15270 views

Description

This article describes how to find the VDOM index so it can be used for some diagnose commands filters.

Scope

FortiOS.

Solution

The VDOM index might be needed to be used on executing different commands on the FortiGate.

As an example:

FortiGate # diagnose sys session filter ?

vd Index of virtual domain. -1 matches all.

.........

The VDOM name(s) and the index(es) can be seen by running the following CLI command in the global context:

diagnose sys vd list

Example in older FortiOS versions:

FortiGate # config global
FortiGate(global) # diagnose sys vd list

system fib version=136
list virtual firewall info:
[...]
name=VD2 index=5 enabled use=19 rt_num=3 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
        ecmp=source-ip-based asym_rt6=0 rt6_num=8 strict_src_check=0 ses_num=0 ses6_num=0
        tree_flag=0
name=VD1 index=4 enabled use=18 rt_num=3 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
        ecmp=source-ip-based asym_rt6=0 rt6_num=8 strict_src_check=0 ses_num=1 ses6_num=0
        tree_flag=0

The same command is still used on newer versions of the FortiOS.

As an example, on v7.2.13, the output will look as follows:

FortiGate (global) # diagnose sys vd list
system fib version=25
list virtual firewall info:
name=root/root index=0 enabled fib_ver=0 rpdb_ver=0 use=37 rt_num=8 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based, ecmp6=source-ip-based asym_rt6=0 rt6_num=11 strict_src_check=0 dns_log=1 ses_num=31 ses6_num=27 pkt_num=104525313
tree_flag=1 tree6_flag=1 traffic_log=1 extended_traffic_log=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0 central_nat=0 policy_mode_ngfw=0 block_land_attack=0 link_check_local_in=1
gtp_asym_fgsp=no
fw_session_hairpin=no keep-PRP-trailer=0 auxiliary_ses=0 dup_num=2
ipv4_rate=0, ipv6_rate=0, mcast6-PMTU=0, allow_linkdown_path=0
per_policy_disclaimer=0

name=vsys_ha/vsys_ha index=1 enabled fib_ver=1 rpdb_ver=1 use=6 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based, ecmp6=source-ip-based asym_rt6=0 rt6_num=1 strict_src_check=0 dns_log=0 ses_num=0 ses6_num=0 pkt_num=4
tree_flag=0 tree6_flag=0 traffic_log=0 extended_traffic_log=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0 central_nat=0 policy_mode_ngfw=0 block_land_attack=0 link_check_local_in=1
gtp_asym_fgsp=no
fw_session_hairpin=no keep-PRP-trailer=0 auxiliary_ses=0 dup_num=0
ipv4_rate=0, ipv6_rate=0, mcast6-PMTU=0, allow_linkdown_path=0
per_policy_disclaimer=0
ha_flags={no-ses-sync,no-ses-flush,no-ha-stats} mode=standalone ha_state=work prio=0 vid=1

name=vsys_fgfm/vsys_fgfm index=2 enabled fib_ver=0 rpdb_ver=0 use=5 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based, ecmp6=source-ip-based asym_rt6=0 rt6_num=1 strict_src_check=0 dns_log=0 ses_num=0 ses6_num=0 pkt_num=1
tree_flag=0 tree6_flag=0 traffic_log=0 extended_traffic_log=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0 central_nat=0 policy_mode_ngfw=0 block_land_attack=0 link_check_local_in=1
gtp_asym_fgsp=no
fw_session_hairpin=no keep-PRP-trailer=0 auxiliary_ses=0 dup_num=0
ipv4_rate=0, ipv6_rate=0, mcast6-PMTU=0, allow_linkdown_path=0
per_policy_disclaimer=0
mode=standalone ha_state=work prio=0 vid=1
vf_count=4 vfe_count=0

name=A/A index=3 enabled fib_ver=0 rpdb_ver=0 use=8 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based, ecmp6=source-ip-based asym_rt6=0 rt6_num=1 strict_src_check=0 dns_log=1 ses_num=0 ses6_num=1 pkt_num=11
tree_flag=1 tree6_flag=1 traffic_log=1 extended_traffic_log=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0 central_nat=0 policy_mode_ngfw=0 block_land_attack=0 link_check_local_in=1
gtp_asym_fgsp=no
fw_session_hairpin=no keep-PRP-trailer=0 auxiliary_ses=0 dup_num=0
ipv4_rate=0, ipv6_rate=0, mcast6-PMTU=0, allow_linkdown_path=0
per_policy_disclaimer=0

name=B/B index=4 enabled fib_ver=0 rpdb_ver=0 use=8 rt_num=0 asym_rt=0 sip_helper=0, sip_nat_trace=1, mc_fwd=0, mc_ttl_nc=0, tpmc_sk_pl=0
ecmp=source-ip-based, ecmp6=source-ip-based asym_rt6=0 rt6_num=1 strict_src_check=0 dns_log=1 ses_num=0 ses6_num=1 pkt_num=11
tree_flag=1 tree6_flag=1 traffic_log=1 extended_traffic_log=0
log_neigh=0, deny_tcp_with_icmp=0 ses_denied_traffic=no tcp_no_syn_check=0 central_nat=0 policy_mode_ngfw=0 block_land_attack=0 link_check_local_in=1
gtp_asym_fgsp=no
fw_session_hairpin=no keep-PRP-trailer=0 auxiliary_ses=0 dup_num=0
ipv4_rate=0, ipv6_rate=0, mcast6-PMTU=0, allow_linkdown_path=0
per_policy_disclaimer=0
vf_count=6 vfe_count=0

The same behavior is seen on branches 7.4 and 7.6 of the FortiOS.

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded