FortiGate
pareenat
Staff

Description

 

This article provides an example of wad debugging for a complete HTTP flow for the Explicit Proxy Service on both FortiProxy and FortiGate.


Solution

 

When running the Explicit Proxy Service, FortiProxy/FortiGate acts as an intermediary for requests from clients seeking resources from other servers.

If the webcache option is enabled, FortiProxy/FortiGate can also check its own cache before sending the request to the server.

 

The complete flow would be:

 
[Figure: Explicit_Proxy1.png, diagram of the Explicit Proxy HTTP flow]
 

Use the following debugging command to display the HTTP flow for Explicit Proxy Service:

 

# diagnose wad debug enable category http

# diagnose wad debug enable level info

# diagnose debug enable

 

Step 1: Receive an HTTP request from the client:

 

[0x7ff98710b050] Received request from client: 192.168.244.4:2052

GET http://www.example.com/ HTTP/1.1

Accept: text/html, application/xhtml+xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Accept-Encoding: gzip, deflate

Host: www.example.com

 

Step 2: FortiProxy/FortiGate sends a DNS request for www.example.com:

 

[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0

 

Step 3: FortiProxy/FortiGate sends an HTTP request to the www.example.com server:

 

[0x7ff98710b050] Connect to server: 184.29.23.193:80

[0x7ff98710b050] Forward request to server:

GET / HTTP/1.1

Accept: text/html, application/xhtml+xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Accept-Encoding: gzip, deflate

Host: www.example.com

DNT: 1

Connection: Keep-Alive

 

Step 4: FortiProxy/FortiGate receives an HTTP response from the server:

 

[0x7ff98710b050] Received response from server:

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT

ETag: "e0e1-58383ecc76c00"

Accept-Ranges: bytes

Content-Encoding: gzip

X-Frame-Options: SAMEORIGIN

Content-Type: text/html; charset=UTF-8

X-Akamai-Transformed: 9 - 0 pmb=mTOE,2

Date: Thu, 28 Mar 2019 02:06:48 GMT

Content-Length: 10427

Connection: keep-alive

 

Step 5: FortiProxy/FortiGate forwards the HTTP response to the client:

 

[0x7ff98710b050] Forward response from server:

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 07 Mar 2019 16:52:00 GMT

ETag: "e0e1-58383ecc76c00"

Accept-Ranges: bytes

Content-Encoding: gzip

X-Frame-Options: SAMEORIGIN

Content-Type: text/html; charset=UTF-8

X-Akamai-Transformed: 9 - 0 pmb=mTOE,2

Date: Thu, 28 Mar 2019 02:06:48 GMT

Content-Length: 10427

 

Note:

The wad debugging index number [0x7ff98710b050] can be used as a reference to find the wad debugging lines that relate to this Explicit Proxy flow.
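
The index-based correlation described in the note, as an added example (not part of the original article and not Fortinet tooling): a Python sketch that groups captured wad debug output by index number and reports flows that never received a server response. The second session, its addresses and the function names are constructed for illustration, and the sketch assumes that untagged lines belong to the most recent tagged line.

```python
import re
from collections import defaultdict

# Constructed sample: two interleaved flows in the line format shown in this article.
SAMPLE = """\
[0x7ff98710b050] Received request from client: 192.168.244.4:2052
GET http://www.example.com/ HTTP/1.1
[0x7ff98710c100] Received request from client: 192.168.244.9:3310
GET http://intranet.example.net/ HTTP/1.1
[0x7ff98710b050] DNS request name=www.example.com len=10 type/pref=0/0
[0x7ff98710b050] Connect to server: 184.29.23.193:80
[0x7ff98710b050] Forward request to server:
GET / HTTP/1.1
[0x7ff98710c100] DNS request name=intranet.example.net len=20 type/pref=0/0
[0x7ff98710b050] Received response from server:
HTTP/1.1 200 OK
[0x7ff98710b050] Forward response from server:
HTTP/1.1 200 OK
"""
TAG = re.compile(r"^\[(0x[0-9a-fA-F]+)\]\s*(.*)$")
FIELDS = {  # field name -> pattern applied to the tagged message
    "client": re.compile(r"Received request from client: (\S+)"),
    "dns": re.compile(r"DNS request name=(\S+)"),
    "server": re.compile(r"Connect to server: (\S+)"),
}
# Tagged messages whose next untagged line is the request line / status line.
NEXT_LINE = {"Received request from client": "request", "Received response from server": "status"}

def summarize_flows(text):
    """Group wad debug lines by index number; return {index: fields + steps}."""
    flows = defaultdict(lambda: {"steps": []})
    current = pending = None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = TAG.match(line)
        if m:
            current, msg = m.groups()
            flows[current]["steps"].append(msg.rstrip(":"))
            for name, pat in FIELDS.items():
                if hit := pat.search(msg):
                    flows[current][name] = hit.group(1)
            pending = NEXT_LINE.get(msg.split(":")[0])
        elif current and pending:
            flows[current][pending] = line  # first line after the tagged message
            pending = None
    return dict(flows)

def stalled_flows(flows):
    """Flows with no server response yet, mapped to the last step they reached."""
    return {idx: f["steps"][-1] for idx, f in flows.items() if "status" not in f}
```

Running `stalled_flows(summarize_flows(captured_text))` on a saved capture shows, per index number, the last step a flow reached before it stopped producing output.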

 

The following commands are debug commands to filter the WAD flow output:

 

# di wad filter list <----- This will display the current filter for capture.

# diag wad filter clear <----- This will clear the filter.

# di wad filter ? <----- This will display the list of possible filters available to apply.

 

For example:

 

# di wad filter src "ip-address" <----- Source IP address (from).

 

# diag wad debug enable category all <----- This will capture all types of debug messages.

# diag wad debug enable level verbose <----- This will print the highest level of debug.

# diag wad debug clear <----- This will clear and terminate the debug properly.

 

To see the output of the WAD debug commands, debug must first be enabled on the FortiGate; otherwise, no output will be displayed:

 

# diag debug enable