Description
This article provides an example of WAD debugging for a complete HTTP flow for the Explicit Proxy Service on both FortiProxy and FortiGate.
Scope
FortiGate.
Solution
FortiProxy/FortiGate under the Explicit Proxy Service will act as an intermediary for requests from clients seeking resources from other servers.
FortiProxy/FortiGate also has the option to verify its cache before sending the request to the server if the webcache option is enabled.
The complete flow would be:
Use the following debugging commands to display the HTTP flow for the Explicit Proxy Service:
diagnose debug disable
diagnose debug reset
diagnose wad debug enable category http
diagnose wad debug enable level info
diagnose debug enable
To stop the debug, run the following commands:
diagnose debug disable
diagnose debug reset
Step 1: Receive an HTTP request from the client:
[0x7ff98710b050] Received request from client: 192.168.244.4:2052
GET http://www.example.com/ HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.example.com
Step 2: FortiProxy/FortiGate sends a DNS request for www.example.com:
[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0
Step 3: FortiProxy/FortiGate sends an HTTP request to the www.example.com server:
[0x7ff98710b050] Connect to server: 184.29.23.193:80
[0x7ff98710b050] Forward request to server:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.example.com
DNT: 1
Connection: Keep-Alive
Step 4: FortiProxy/FortiGate receives an HTTP response from the server:
[0x7ff98710b050] Received response from server:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT
ETag: "e0e1-58383ecc76c00"
Accept-Ranges: bytes
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
X-Akamai-Transformed: 9 - 0 pmb=mTOE,2
Date: Thu, 28 Mar 2019 02:06:48 GMT
Content-Length: 10427
Connection: keep-alive
Step 5: FortiProxy/FortiGate forwards the HTTP response to the client:
[0x7ff98710b050] Forward response from server:
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT
ETag: "e0e1-58383ecc76c00"
Accept-Ranges: bytes
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
X-Akamai-Transformed: 9 - 0 pmb=mTOE,2
Date: Thu, 28 Mar 2019 02:06:48 GMT
Content-Length: 10427
Note:
The wad debugging index number [0x7ff98710b050] can be used as a reference for the wad debugging line that relates to this Explicit Proxy flow.
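The grouping described in this note can be done offline on saved debug output. The following Python sketch is an added example, not Fortinet code: it groups lines by index number and lists the headers present in the forwarded request but absent from the received one. It assumes untagged lines belong to the most recent tagged line; the function names and the second session in the sample are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in this article's format; session 0x7ff98710c111 is hypothetical.
SAMPLE = """\
[0x7ff98710b050] Received request from client: 192.168.244.4:2052
GET http://www.example.com/ HTTP/1.1
Host: www.example.com
[0x7ff98710c111] Received request from client: 192.168.244.9:3100
GET http://www.example.org/ HTTP/1.1
Host: www.example.org
[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0
[0x7ff98710b050] Connect to server: 184.29.23.193:80
[0x7ff98710b050] Forward request to server:
GET / HTTP/1.1
Host: www.example.com
DNT: 1
Connection: Keep-Alive
"""

TAG = re.compile(r"^\[(0x[0-9a-fA-F]+)\]\s*(.*)$")

def group_by_session(text):
    """Group events by index; untagged lines are assumed to follow the latest tag."""
    sessions = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = TAG.match(line)
        if m:
            current = (m.group(2).rstrip(), [])  # (event text, payload lines)
            sessions[m.group(1)].append(current)
        elif current is not None and line.strip():
            current[1].append(line.strip())
    return dict(sessions)

def header_names(payload):
    """Lower-cased header names of an HTTP message, skipping the first line."""
    return {l.split(":", 1)[0].lower() for l in payload[1:] if ":" in l}

def added_on_forward(events):
    """Headers in the forwarded request that were not in the received request."""
    recv = next(p for e, p in events if e.startswith("Received request from client"))
    fwd = next(p for e, p in events if e.startswith("Forward request to server"))
    return sorted(header_names(fwd) - header_names(recv))

if __name__ == "__main__":
    flows = group_by_session(SAMPLE)
    print({i: [e for e, _ in ev] for i, ev in flows.items()})
    print(added_on_forward(flows["0x7ff98710b050"]))
```

When several sessions write multi-line payloads at the same time, the attribution of untagged lines should be checked against the raw output.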
The following commands are debug commands to filter the WAD flow output:
diagnose wad filter list <----- This will display the current filter for capture.
diagnose wad filter clear <----- This will clear the filter.
diagnose wad filter ? <----- This will display the list of possible filters available to apply.
For example:
diagnose wad filter src "ip-address" <----- Source IP address (from).
diagnose wad debug enable category all <----- This will capture all types of debug messages.
diagnose wad debug enable level verbose <----- This will print the highest level of debug.
diagnose wad debug clear <----- This will clear and terminate the debug properly.
To dump output from WAD commands, debug must first be enabled on the FortiGate; otherwise, no output will be displayed:
diagnose debug enable