Description
config firewall policy
edit 2
set name "PC-Out"
set srcintf "lan"
set dstintf "wan1"
set srcaddr "PC"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
set fixedport enable
set ippool enable
set poolname "IPOOL-fixed-range"
next
config firewall ippool
edit "IPOOL-fixed-range"
set type fixed-port-range
set startip 172.25.188.15
set endip 172.25.188.15
set source-startip 192.168.2.169
set source-endip 192.168.2.169
next
end
2017-10-10 11:22:59 id=20085 trace_id=51 func=print_pkt_detail line=5282 msg="vd-root received a packet(proto=6, 192.168.2.169:57095->172.25.188.161:22) from lan. flag [.], seq 903968189, ack 4119169303, win 16439"
2017-10-10 11:22:59 id=20085 trace_id=51 func=resolve_ip_tuple_fast line=5357 msg="Find an existing session, id-00000fda, original direction"
2017-10-10 11:22:59 id=20085 trace_id=51 func=iprope_reverse_dnat_check line=1097 msg="in-[lan], out-[wan1], skb_flags-02000000, vid-0"
2017-10-10 11:22:59 id=20085 trace_id=51 func=fw_strict_dirty_session_check line=277 msg="SNAT port 57095 != 60437, drop"
2017-10-10 11:22:59 id=20085 trace_id=52 func=print_pkt_detail line=5282 msg="vd-root received a packet(proto=6, 192.168.2.169:57095->172.25.188.161:22) from lan. flag [.], seq 903968189, ack 4119169303, win 16439"
2017-10-10 11:22:59 id=20085 trace_id=52 func=vf_ip_route_input_common line=2576 msg="find a route: flag=04000000 gw-172.25.188.161 via wan1"
2017-10-10 11:22:59 id=20085 trace_id=52 func=fw_forward_dirty_handler line=337 msg="no session matched"
Solution
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.