Created on 08-04-2022 10:43 PM Edited on 01-15-2025 06:05 AM By Stephen_G
This article describe what is local traffic used by Web CLI.
FortiGate inside socket for Web CLI port 8023.
CLI command output:
diagnose sys tcpsock <- Shows FortiGate open a port 8023 and listened by 127.0.0.1 for process httpclid.
127.0.0.1:8023->0.0.0.0:0->state=listen err=0 socktype=1 rma=0 wma=0 fma=0 tma=0 inode=41446 process=280/httpclid
When packet sniffer is processed on FortiGate and the Web CLI is tried to be controlled, it shows 127.0.0.2, trying to connect to 127.0.01:8023:
2022-08-04 17:19:05.862687 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336133 2022-08-04 17:19:05.862685 root in 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336133 2022-08-04 17:19:05.891723 root out 127.0.0.2.5922 -> 127.0.0.1.8023: psh 1170130219 ack 157336133 2022-08-04 17:19:05.891715 root in 127.0.0.2.5922 -> 127.0.0.1.8023: psh 1170130219 ack 157336133 2022-08-04 17:19:05.891785 root out 127.0.0.1.8023 -> 127.0.0.2.5922: psh 157336133 ack 1170130220 2022-08-04 17:19:05.891779 root in 127.0.0.1.8023 -> 127.0.0.2.5922: psh 157336133 ack 1170130220 2022-08-04 17:19:05.930007 root out 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336134 2022-08-04 17:19:05.930003 root in 127.0.0.2.5922 -> 127.0.0.1.8023: ack 157336134
Therefore, the traffic 127.0.0.2:X -> 27.0.0.1:8023 in FortiGate is used by WebCLI.
You are leaving our site and we cannot be held responsible for the content of external websites
