This article describe what is local traffic used by Web CLI.
FortiGate inside socket for Web CLI port 8023.
CLI command output:
# diagnose sys tcpsock <----- Shows FortiGate open a port 8023 and listened by 127.0.0.1 for process httpclid.
127.0.0.1:8023->0.0.0.0:0->state=listen err=0 socktype=1 rma=0 wma=0 fma=0 tma=0 inode=41446 process=280/httpclid
- When packet sniffer is processed on FortiGate and Web CLI is tried to be controlled, It is showing 184.108.40.206 trying to connect to 172.0.01:8023:
2022-08-04 17:19:05.862687 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336133
- Therefore the traffic 127.0.0.2:X -> 220.127.116.11:8023 in FortiGate is used by WebCLI.