Dear Friends,
I am facing the connectivity issue from 172.28.140.10 to 172.47.7.1 w.r.t port 6712.
Can you please help e understand the issue from below debug logs ?
2024-09-18 09:44:15 id=65308 trace_id=35526 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 1
72.28.140.10:19311->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 1197133717, ack 0, win 64240"
2024-09-18 09:44:15 id=65308 trace_id=35526 func=init_ip_session_common line=6020 msg="allocate a new session-2e378527"
2024-09-18 09:44:15 id=65308 trace_id=35526 func=vf_ip_route_input_common line=2612 msg="find a route: flag=00000000 gw-172.28.254.2
via wan2"
2024-09-18 09:44:15 id=65308 trace_id=35526 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=35, len=13"
2024-09-18 09:44:15 id=65308 trace_id=35526 func=fw_forward_handler line=985 msg="Allowed by Policy-345:"
2024-09-18 09:44:15 id=65308 trace_id=35526 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 10, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9312->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 2718409641, ack 0, win 64240"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=init_ip_session_common line=6020 msg="allocate a new session-2e3786a6"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=vf_ip_route_input_common line=2612 msg="find a route: flag=00000000 gw-172.28.254.2
via wan2"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=35, len=13"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=fw_forward_handler line=985 msg="Allowed by Policy-345:"
2024-09-18 09:44:16 id=65308 trace_id=35527 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 10, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:16 id=65308 trace_id=35528 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9311->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 1197133717, ack 0, win 64240"
2024-09-18 09:44:16 id=65308 trace_id=35528 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e378527, original
direction"
2024-09-18 09:44:16 id=65308 trace_id=35528 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:16 id=65308 trace_id=35528 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:16 id=65308 trace_id=35528 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:17 id=65308 trace_id=35529 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9312->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 2718409641, ack 0, win 64240"
2024-09-18 09:44:17 id=65308 trace_id=35529 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e3786a6, original
direction"
2024-09-18 09:44:17 id=65308 trace_id=35529 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:17 id=65308 trace_id=35529 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:17 id=65308 trace_id=35529 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:18 id=65308 trace_id=35530 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9311->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 1197133717, ack 0, win 64240"
2024-09-18 09:44:18 id=65308 trace_id=35530 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e378527, original
direction"
2024-09-18 09:44:18 id=65308 trace_id=35530 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:18 id=65308 trace_id=35530 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:18 id=65308 trace_id=35530 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:19 id=65308 trace_id=35531 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9312->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 2718409641, ack 0, win 64240"
2024-09-18 09:44:19 id=65308 trace_id=35531 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e3786a6, original
direction"
2024-09-18 09:44:19 id=65308 trace_id=35531 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:19 id=65308 trace_id=35531 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:19 id=65308 trace_id=35531 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.140.10:1
9313->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 3866270571, ack 0, win 64240"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=init_ip_session_common line=6020 msg="allocate a new session-2e379f0c"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=vf_ip_route_input_common line=2612 msg="find a route: flag=00000000 gw-172.28.254.2
via wan2"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=35, len=13"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=fw_forward_handler line=985 msg="Allowed by Policy-345:"
2024-09-18 09:44:21 id=65308 trace_id=35532 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 10, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
Ludhiana_HO # diagnose 2024-09-18 09:44:22 id=65308 trace_id=35533 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(p
roto=6, 172.28.140.10:19311->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 1197133717, ack 0, win 64240"
2024-09-18 09:44:22 id=65308 trace_id=35533 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e378527, original
direction"
2024-09-18 09:44:22 id=65308 trace_id=35533 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:22 id=65308 trace_id=35533 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:22 id=65308 trace_id=35533 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
debug 2024-09-18 09:44:24 id=65308 trace_id=35534 func=print_pkt_detail line=5836 msg="vd-root:0 received a packet(proto=6, 172.28.14
0.10:19313->172.47.7.1:6712) tun_id=0.0.0.0 from Lan-Zone. flag [S], seq 3866270571, ack 0, win 64240"
2024-09-18 09:44:24 id=65308 trace_id=35534 func=resolve_ip_tuple_fast line=5924 msg="Find an existing session, id-2e379f0c, original
direction"
2024-09-18 09:44:24 id=65308 trace_id=35534 func=npu_handle_session44 line=1213 msg="Trying to offloading session from Lan-Zone to wa
n2, skb.npu_flag=00000000 ses.state=04012204 ses.npu_state=0x00003094"
2024-09-18 09:44:24 id=65308 trace_id=35534 func=fw_forward_dirty_handler line=447 msg="state=04012204, state2=00000001, npu_state=00
003094"
2024-09-18 09:44:24 id=65308 trace_id=35534 func=np6_hif_nturbo_build_vtag line=1227 msg="vtag->magic d153beef, vtag->coretag 156, vt
ag->vid 0
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1500, vtag->flags 0, vtag->np6_flag 0x280, skb->npu_flag=0xc0880"
disable
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you saying you changed the either HTTPS or SSH admin access port to 6712 like below:
config system global
set admin-sport 6712
<or>
set admin-ssh-port 6712
end
then, trying to access the destination FGT?
But as the flow debug is showing, the destination FGT doesn't have a policy wan1---><target_interface>. If you still think you have it, show it to us in GUI or CLI.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.