Created on
03-20-2023
11:09 PM
Edited on
09-14-2023
06:20 AM
By
Jean-Philippe_P
Description | This article illustrates two methods to find out the real SD-WAN interface number from the kernel interface index number which is shown in the session table. |
Scope | FortiGate. |
Solution |
Review the below example session table outcome for a session routed by the SD-WAN rule, note the IP addresses were substituted by characters for security reasons:
session info: proto=6 proto_state=05 duration=2 expire=0 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3 origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255 state=log may_dirty f00 statistic(bytes/packets/allow_err): org=3809/14/1 reply=24914/22/1 tuples=2 tx speed(Bps/kbps): 1677/13 rx speed(Bps/kbps): 10975/87 orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x <<< This line shows the interface index numbers, explained in step 1 hook=post dir=org act=snat x.x.x.x:63232->y.y.y.y:443(z.z.z.z:63232) hook=pre dir=reply act=dnat y.y.y.y:443->z.z.z.z:63232(x.x.x.x:63232) pos/(before,after) 0/(0,0), 0/(0,0) misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0 serial=0013a5c6 tos=ff/ff app_list=0 app=0 url_cat=0 sdwan_mbr_seq=1 sdwan_service_id=1 <<< routing follows the SD-WAN rule number 1 and selected member is member 1 rpdb_link_id=ff000001 ngfwid=n/a npu_state=0x000100 no_ofld_reason: npu-flag-off
Below section is the routing, from interface index 11 to 3 and from 3 to 11.
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x
Index 11 and index 3 are the kernel index numbers for the real interface numbers.
|