Can't see traffic exiting via WAN interface

Question

Hi,

I'm debbugging some traffic from switch interface (lan) to port12 interface (wan).

Port14 is not an Asic interface:

FGT # diagnose npu np2 list ID PORTS -- ----- 0 port13 0 port14 0 port15 0 port16

Despite that I don't see traffic going out of it when I do debug flow of traffic.

Can someone explain why and how I can do that? (I usually am able to see if on other FGTs)

Thanks!!

func=print_pkt_detail line=4313 msg="vd-root received a packet(proto=6, 10.2.13.155:2465->X.X.X.108:80) from switch. flag ~~, seq 103793229, ack 0, win 64512"~~ func=init_ip_session_common line=4469 msg="allocate a new session-048c53d0" func=vf_ip4_route_input line=1600 msg="find a route: flags=00000000 gw-Y.Y.Y.193 via port12" func=get_new_addr line=2485 msg="find SNAT: IP-Y.Y.Y.194(from IPPOOL), port-62881" func=fw_forward_handler line=685 msg="Allowed by Policy-130: SNAT" func=__ip_session_run_tuple line=2471 msg="SNAT 10.2.13.155->Y.Y.Y.194:62881" [size="1"]func=print_pkt_detail line=4313 msg="vd-root received a packet(proto=6, 10.2.13.155:2465->X.X.X.108:80) from switch. flag [.], seq 103793230, ack 3717267935, win 64512"[/size] func=resolve_ip_tuple_fast line=4372 msg="Find an existing session, id-048c53d0, original direction" func=__ip_session_run_tuple line=2471 msg="SNAT 10.2.13.155->Y.Y.Y.194:62881" [size="1"]func=print_pkt_detail line=4313 msg="vd-root received a packet(proto=6, 10.2.13.155:2465->X.X.X.108:80) from switch. flag [.], seq 103793230, ack 3717267935, win 64512"[/size] func=resolve_ip_tuple_fast line=4372 msg="Find an existing session, id-048c53d0, original direction" func=__ip_session_run_tuple line=2471 msg="SNAT 10.2.13.155->Y.Y.Y.194:62881" func=print_pkt_detail line=4313 msg="vd-root received a packet(proto=6, 10.2.13.155:2466->X.X.X.84:443) from switch. flag ~~, seq 1083861524, ack 0, win 64512"~~ func=init_ip_session_common line=4469 msg="allocate a new session-048c53d6" func=vf_ip4_route_input line=1600 msg="find a route: flags=00000000 gw-Y.Y.Y.193 via port12" func=get_new_addr line=2485 msg="find SNAT: IP-Y.Y.Y.194(from IPPOOL), port-62882" func=fw_forward_handler line=685 msg="Allowed by Policy-130: SNAT"

diag sniff: (I see only switch interface)

4.414487 switch -- 10.2.13.155.2686 -> X.X.X.108.80: psh 1669007057 ack 1616899503 4.475712 switch -- X.X.X.108.80 -> 10.2.13.155.2686: psh 1616899503 ack 1669007626 4.478615 switch -- 10.2.13.155.2689 -> X.X.X.84.443: syn 456152259 4.642110 switch -- 10.2.13.155.2686 -> X.X.X.108.80: ack 1616899877 7.485525 switch -- 10.2.13.155.2689 -> X.X.X.84.443: syn 456152259 13.500118 switch -- 10.2.13.155.2689 -> X.X.X.84.443: syn 456152259

emnoc · Answer

Qs: [ul]What model and fortiOS version?[/ul][ul]Have you had any other problems or upgrades ( i.e 5.2.4 )[/ul][ul]or is this a new problem?[/ul][ul]Are you running a virtual-cluster ?have you check for PBR or static routes or balckhole routes?[/ul] When you monitor firewall session table are you finding a match in the session table ?hint: use the diag system session  filter

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded