FortiGate
pareenat
Staff
Article Id 195572

Description

This article provides an example of WAD debugging for a complete HTTP flow through the Explicit Proxy Service on both FortiProxy and FortiGate.

Scope

FortiGate, FortiProxy.


Solution

In Explicit Proxy mode, FortiProxy/FortiGate acts as an intermediary for requests from clients seeking resources from other servers: the client sends its HTTP request to the proxy, and the proxy resolves the destination name, connects to the server on the client's behalf, and relays the response back to the client.

If the webcache option is enabled, FortiProxy/FortiGate also checks its cache before sending the request to the server.

The complete flow is:

[Image: Explicit_Proxy1.png]

Use the following debugging commands to display the HTTP flow for the Explicit Proxy Service:

 

diagnose debug disable
diagnose debug reset
diagnose wad debug enable category http
diagnose wad debug enable level info
diagnose debug enable

 

To stop the debug, run the commands:

diagnose debug disable
diagnose debug reset

To clear the WAD-specific category and level settings as well, also run diagnose wad debug clear.

 

Step 1: FortiProxy/FortiGate receives the HTTP request from the client. In explicit proxy mode the request line carries the absolute URI (scheme and host), not only the path:

[0x7ff98710b050] Received request from client: 192.168.244.4:2052
GET http://www.example.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.example.com

 

Step 2: FortiProxy/FortiGate sends its own DNS request for www.example.com (the client only sent the request to the proxy and did not resolve the name itself):

[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0

 

Step 3: FortiProxy/FortiGate connects to the resolved address and forwards the HTTP request to the www.example.com server. The request line has been rewritten from the absolute-URI form sent by the client to the origin form (GET / HTTP/1.1) expected by the server:

[0x7ff98710b050] Connect to server: 184.29.23.193:80
[0x7ff98710b050] Forward request to server:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.example.com
DNT: 1
Connection: Keep-Alive

 

Step 4: FortiProxy/FortiGate receives the HTTP response from the server:

[0x7ff98710b050] Received response from server:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT
ETag: "e0e1-58383ecc76c00"
Accept-Ranges: bytes
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
X-Akamai-Transformed: 9 - 0 pmb=mTOE,2
Date: Thu, 28 Mar 2019 02:06:48 GMT
Content-Length: 10427
Connection: keep-alive

 

Step 5: FortiProxy/FortiGate forwards the HTTP response to the client. Note that the hop-by-hop Connection: keep-alive header received from the server is not relayed; connection persistence is handled independently on the client side and the server side of the proxy:

[0x7ff98710b050] Forward response from server:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT
ETag: "e0e1-58383ecc76c00"
Accept-Ranges: bytes
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
X-Akamai-Transformed: 9 - 0 pmb=mTOE,2
Date: Thu, 28 Mar 2019 02:06:48 GMT
Content-Length: 10427

 

Note:

The value in square brackets, [0x7ff98710b050], is the WAD debugging identifier of this session. Every debug line that belongs to this Explicit Proxy flow carries the same identifier, so it can be used to pick out the lines of one flow when several sessions are being processed at the same time and their output is interleaved.
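To make use of that identifier when several sessions are interleaved in the output, the following Python script (an added example, not part of this article and not Fortinet code) parses captured output of the commands above, groups lines by the [0x...] identifier, reduces each session to the five steps shown, and checks that the request the proxy forwarded is the origin-form rewrite of the client's absolute-URI request and that the DNS lookup was for the host named in that request. The sample output is constructed: the first session is taken from the article, the second session (0x7ff98710c1a0, client 10.0.0.7, intranet.example.net, server 10.10.10.5) is invented and deliberately cut short before the response is forwarded, so the check flags it.

```python
"""Correlate 'diagnose wad debug' HTTP output by session identifier.

Added example, not Fortinet code. Each WAD event line starts with the session
identifier in square brackets; header lines that follow belong to the most
recent event. Lines are grouped by identifier, each session is reduced to the
five steps of the explicit proxy flow, and the rewrite is checked.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: the article's session (0x7ff98710b050) interleaved with an
# invented session (0x7ff98710c1a0) that is cut short on purpose so the checks
# below have an incomplete flow to flag.
SAMPLE_DEBUG = """\
[0x7ff98710b050] Received request from client: 192.168.244.4:2052
GET http://www.example.com/ HTTP/1.1
Host: www.example.com
[0x7ff98710c1a0] Received request from client: 10.0.0.7:51234
GET http://intranet.example.net/login?next=/ HTTP/1.1
Host: intranet.example.net
[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0
[0x7ff98710c1a0] DNS request name=intranet.example.net len=20 type/pref=0/0
[0x7ff98710b050] Connect to server: 184.29.23.193:80
[0x7ff98710b050] Forward request to server:
GET / HTTP/1.1
Host: www.example.com
Connection: Keep-Alive
[0x7ff98710c1a0] Connect to server: 10.10.10.5:80
[0x7ff98710c1a0] Forward request to server:
GET /login?next=/ HTTP/1.1
Host: intranet.example.net
[0x7ff98710b050] Received response from server:
HTTP/1.1 200 OK
Content-Length: 10427
[0x7ff98710c1a0] Received response from server:
HTTP/1.1 403 Forbidden
Content-Length: 0
[0x7ff98710b050] Forward response from server:
HTTP/1.1 200 OK
Content-Length: 10427
"""

EVENT_RE = re.compile(r"^\[(0x[0-9a-fA-F]+)\] (.*)$")


def parse_wad_http_debug(text):
    """Return {session_id: [(event_message, [continuation lines]), ...]}."""
    sessions = {}
    block = None  # continuation lines of the most recent event
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            sid, msg = m.groups()
            block = []
            sessions.setdefault(sid, []).append((msg, block))
        elif block is not None and line.strip():
            block.append(line)
    return sessions


def origin_form(request_line):
    """Rewrite an absolute-URI request line (what a client sends to an explicit
    proxy) into the origin form the proxy forwards; also return the URI host."""
    method, target, version = request_line.split(" ", 2)
    u = urlsplit(target)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    return f"{method} {path} {version}", u.hostname


def summarize(sessions):
    """Reduce each session's events to the five steps of the proxy flow."""
    out = {}
    for sid, events in sessions.items():
        s = {"client": None, "request": None, "dns": None, "server": None,
             "forwarded_request": None, "status": None, "forwarded_to_client": False}
        for msg, lines in events:
            first = lines[0] if lines else None
            if msg.startswith("Received request from client: "):
                s["client"], s["request"] = msg.split(": ", 1)[1], first
            elif msg.startswith("DNS request name="):
                s["dns"] = msg.split("name=", 1)[1].split()[0]
            elif msg.startswith("Connect to server: "):
                s["server"] = msg.split(": ", 1)[1]
            elif msg == "Forward request to server:":
                s["forwarded_request"] = first
            elif msg == "Received response from server:" and first:
                s["status"] = int(first.split()[1])
            elif msg == "Forward response from server:":
                s["forwarded_to_client"] = True
        out[sid] = s
    return out


def check_flow(summary):
    """Per-session checks: forwarded request is the origin-form rewrite, the DNS
    name matches the request host, and the response reached the client."""
    problems = {}
    for sid, s in summary.items():
        issues = []
        if s["request"] is None:
            issues.append("no client request seen")
        else:
            expected, host = origin_form(s["request"])
            if s["forwarded_request"] != expected:
                issues.append(f"forwarded {s['forwarded_request']!r}, expected {expected!r}")
            if s["dns"] != host:
                issues.append(f"DNS lookup for {s['dns']!r}, request host is {host!r}")
        if not s["forwarded_to_client"]:
            issues.append("response never forwarded to client")
        problems[sid] = issues
    return problems


if __name__ == "__main__":
    summary = summarize(parse_wad_http_debug(SAMPLE_DEBUG))
    for sid, s in summary.items():
        print(sid, s["client"], "->", s["server"], s["status"], check_flow(summary)[sid])
```

Paste real debug output in place of SAMPLE_DEBUG (or read it from a file) and run the script; a session whose forwarded request does not match the rewrite, whose DNS lookup is for a different name than the Host, or whose response never reaches the client is reported with the reason, which is usually the point at which a proxy policy or server problem needs a closer look in the full verbose output.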

 

The following commands manage the filter applied to the WAD debug output:

diagnose wad filter list <----- This will display the current filter for capture.
diagnose wad filter clear <----- This will clear the filter.
diagnose wad filter ? <----- This will display the list of possible filters available to apply.

For example:

diagnose wad filter src "ip-address" <----- Source IP address (from).

Related debug settings:

diagnose wad debug enable category all <----- This will capture all types of debug messages.
diagnose wad debug enable level verbose <----- This will print the highest level of debug.
diagnose wad debug clear <----- This will clear and terminate the debug properly.

On a busy unit, set a filter (for example on the client's source IP address) before enabling category all or level verbose; otherwise the volume of output makes the flow of interest hard to find and adds load to the device.

 

No WAD debug output is displayed until debug output is enabled on the console, so after setting the WAD filter, category and level, always run:

diagnose debug enable

 

Note: For troubleshooting explicit proxy on FortiGate chassis models, the same debug commands need to be applied within the scope of the FPC that processes the traffic of interest (connect to that FPC's CLI). Load balancing and flow rules can be configured to direct the traffic to a single FPC to simplify debugging.