tonylin1
Staff
Article Id 219844

 

Description

This article describes the local traffic used by the Web CLI.

The FortiGate uses an internal socket on port 8023 for the Web CLI.

Scope  
Solution

CLI command output:

diagnose sys tcpsock <----- Shows that the FortiGate has port 8023 open, listening on 127.0.0.1, for the process httpclid.

127.0.0.1:8023->0.0.0.0:0->state=listen err=0 socktype=1 rma=0 wma=0 fma=0 tma=0 inode=41446 process=280/httpclid

- When the packet sniffer is run on the FortiGate while the Web CLI is in use, it shows 127.0.0.2 connecting to 127.0.0.1:8023:

 

2022-08-04 17:19:05.862687 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336133
2022-08-04 17:19:05.862685 root in 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336133
2022-08-04 17:19:05.891723 root out 127.0.0.2.5922 -> 127.0.0.1.8023: psh 1170130219 ack 157336133
2022-08-04 17:19:05.891715 root in 127.0.0.2.5922 -> 127.0.0.1.8023: psh 1170130219 ack 157336133
2022-08-04 17:19:05.891785 root out 127.0.0.1.8023 -> 127.0.0.2.5922: psh 157336133 ack 1170130220
2022-08-04 17:19:05.891779 root in 127.0.0.1.8023 -> 127.0.0.2.5922: psh 157336133 ack 1170130220
2022-08-04 17:19:05.930007 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336134
2022-08-04 17:19:05.930003 root in 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336134

 

- Therefore, the traffic 127.0.0.2:X -> 127.0.0.1:8023 on the FortiGate is used by the Web CLI.
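The same attribution can be scripted when reviewing unexplained loopback traffic. The Python below is an added example, not Fortinet code or part of the original article: it maps listening sockets from the diagnose sys tcpsock output to their processes and attributes sniffer lines to them. The function names and the last sniffer line (port 9999) are constructed for illustration, and matching is exact on IP and port only.

```python
import re
from collections import Counter

# Listening-socket line format, as printed by `diagnose sys tcpsock` in this article.
SOCK_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+)->\S+->state=listen\b.*\bprocess=\d+/(\S+)")
# Sniffer line format in this article: date time vdom in|out src.port -> dst.port: flags
SNIFF_RE = re.compile(r"^\S+ \S+ \S+ (?:in|out) (\d+\.\d+\.\d+\.\d+)\.(\d+) -> (\d+\.\d+\.\d+\.\d+)\.(\d+):")

TCPSOCK = """\
127.0.0.1:8023->0.0.0.0:0->state=listen err=0 socktype=1 rma=0 wma=0 fma=0 tma=0 inode=41446 process=280/httpclid
"""
SNIFFER = """\
2022-08-04 17:19:05.891723 root out 127.0.0.2.5922 -> 127.0.0.1.8023: psh 1170130219 ack 157336133
2022-08-04 17:19:05.891785 root out 127.0.0.1.8023 -> 127.0.0.2.5922: psh 157336133 ack 1170130220
2022-08-04 17:19:05.930007 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336134
2022-08-04 17:19:06.000001 root out 127.0.0.2.6000 -> 127.0.0.1.9999: syn 1
"""  # last line is constructed for this example; the others are from the article

def parse_listeners(text):
    """Map (ip, port) of each listening socket to the owning process name."""
    out = {}
    for line in text.splitlines():
        m = SOCK_RE.match(line.strip())
        if m:
            out[(m[1], int(m[2]))] = m[3]
    return out

def attribute_flows(text, listeners):
    """Count packets per (client ip, listener, process); collect unmatched flows."""
    known, unknown = Counter(), Counter()
    for line in text.splitlines():
        m = SNIFF_RE.match(line.strip())
        if not m:
            continue
        src, dst = (m[1], int(m[2])), (m[3], int(m[4]))
        if dst in listeners:        # client -> local service
            known[(src[0], dst, listeners[dst])] += 1
        elif src in listeners:      # local service -> client (reply)
            known[(dst[0], src, listeners[src])] += 1
        else:                       # no listener in the tcpsock output explains this
            unknown[(src[0], dst)] += 1
    return known, unknown

if __name__ == "__main__":
    known, unknown = attribute_flows(SNIFFER, parse_listeners(TCPSOCK))
    for (client, (ip, port), proc), n in known.items():
        print(f"{client} <-> {ip}:{port} [{proc}] packets={n}")
    for (client, (ip, port)), n in unknown.items():
        print(f"UNATTRIBUTED {client} -> {ip}:{port} packets={n}")
```

Flows reported as UNATTRIBUTED have no matching listener in the supplied tcpsock output and are the ones to look at further.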

 
