Hi All,
1. I'm very new to Fortigate
2. It's a Fortigate 60D
3. I did not configure the router myself and there is no document on how it was done :(
4. Some program wants to reach an external website on port 8008. Somehow I have the feeling that the Fortigate is not allowing that.
5. Can anyone point me in the right direction to check this 'blocking' behaviour and make sure this traffic is allowed?
All help appreciated,
Regards,
Gerard
Hi
First, welcome to the FortiGate. The #1 diagnostic command is diag debug flow. It's a CLI command, so I'm not aware of any means of running the diagnostic from the WebGUI.
If you believe the FortiGate is blocking this, execute the command and review the output:
1st, log into the CLI (SSH, or the connected console via the WebGUI).
2nd, reset the diagnostic and enable it:
diag debug reset
diag debug enable
3rd, in your case it's probably best to use the flow diagnostic with a filter:
diag debug flow filter port 8080
Lastly, you enable the diagnostic flow:
diag debug flow show console enable
diag debug flow trace start 100
This will enable and capture the first 100 traces. If you need more traces, run it with a higher number. Now direct your client to try to access port 8080 and monitor the diagnostic flow output on your screen.
When you're done, you disable & reset the diagnostics:
diag debug reset
diag debug disable
PCNSE
NSE
StrongSwan
Thank you so much for this answer.
I think the output proves the port we are using is not blocked but somehow gets scr*wed at the application server. Do I read that correctly?
FGT-MultiMetaal # diag debug flow trace start 100
FGT-MultiMetaal #
id=13 trace_id=26 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=26 msg="allocate a new session-03392447"
id=13 trace_id=26 msg="find a route: gw-139.156.151.64 via ppp1"
id=13 trace_id=26 msg="use addr/intf hash, len=8"
id=13 trace_id=26 msg="find SNAT: IP-92.68.113.25, port-61106"
id=13 trace_id=26 msg="Allowed by Policy-11: AV SNAT"
id=13 trace_id=26 msg="send to application layer"
id=13 trace_id=27 msg="vd-root received a packet(proto=6, 93.92.98.119:8008->192.168.1.6:61106) from local."
id=13 trace_id=27 msg="Find an existing session, id-03392447, reply direction"
id=13 trace_id=28 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=28 msg="Find an existing session, id-03392447, original direction"
id=13 trace_id=28 msg="send to application layer"
id=13 trace_id=29 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=29 msg="Find an existing session, id-03392447, original direction"
id=13 trace_id=29 msg="send to application layer"
id=13 trace_id=30 msg="vd-root received a packet(proto=6, 93.92.98.119:8008->192.168.1.6:61106) from local."
id=13 trace_id=30 msg="Find an existing session, id-03392447, reply direction"
id=13 trace_id=31 msg="vd-root received a packet(proto=6, 93.92.98.119:8008->192.168.1.6:61106) from local."
id=13 trace_id=31 msg="Find an existing session, id-03392447, reply direction"
id=13 trace_id=32 msg="vd-root received a packet(proto=6, 93.92.98.119:8008->192.168.1.6:61106) from local."
id=13 trace_id=32 msg="Find an existing session, id-03392447, reply direction"
id=13 trace_id=33 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=33 msg="Find an existing session, id-03392447, original direction"
id=13 trace_id=33 msg="send to application layer"
id=13 trace_id=34 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=34 msg="Find an existing session, id-03392447, original direction"
id=13 trace_id=34 msg="send to application layer"
id=13 trace_id=35 msg="vd-root received a packet(proto=6, 192.168.1.6:61106->93.92.98.119:8008) from internal."
id=13 trace_id=35 msg="Find an existing session, id-03392447, original direction"
id=13 trace_id=35 msg="send to application layer"
id=13 trace_id=36 msg="vd-root received a packet(proto=6, 93.92.98.119:8008->192.168.1.6:61106) from local."
id=13 trace_id=36 msg="Find an existing session, id-03392447, reply direction"
id=13 trace_id=37 msg="vd-root received a packet(proto=6, 149.210.170.14:8008->192.168.1.6:61103) from local."
id=13 trace_id=37 msg="Find an existing session, id-0339242c, reply direction"
id=13 trace_id=38 msg="vd-root received a packet(proto=6, 192.168.1.6:61103->149.210.170.14:8008) from internal."
id=13 trace_id=38 msg="Find an existing session, id-0339242c, original direction"
id=13 trace_id=38 msg="send to application layer"
id=13 trace_id=39 msg="vd-root received a packet(proto=6, 192.168.1.6:61103->149.210.170.14:8008) from internal."
id=13 trace_id=39 msg="Find an existing session, id-0339242c, original direction"
id=13 trace_id=39 msg="send to application layer"
id=13 trace_id=40 msg="vd-root received a packet(proto=6, 149.210.170.14:8008->192.168.1.6:61103) from local."
id=13 trace_id=40 msg="Find an existing session, id-0339242c, reply direction"
Gerard
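As an added example (not part of the thread and not Fortinet's own tooling), a small Python parser for the diag debug flow output format pasted above: it groups the messages by trace_id, pulls out the 5-tuple and ingress interface, and records the verdict for each traced packet (allowed by a policy, matched an existing session, or denied), so a pasted trace can be checked for dropped packets instead of being read by eye. The sample input is constructed in the same format with documentation addresses; the "Denied by ..." message form is an assumption, not something from the thread.

```python
import re

# One "diag debug flow" message; several are usually pasted on a single line,
# so scan with findall instead of splitting on newlines.
MSG_RE = re.compile(r'id=\d+ trace_id=(\d+) msg="([^"]*)"')
PKT_RE = re.compile(
    r'received a packet\(proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\w+)')

# Constructed sample in the same format (documentation addresses, not the poster's).
# The "Denied by ..." message form is an assumption, not taken from the thread.
SAMPLE = (
    'id=13 trace_id=26 msg="vd-root received a packet(proto=6, 192.0.2.6:61106->203.0.113.119:8008) from internal." '
    'id=13 trace_id=26 msg="allocate a new session-03392447" '
    'id=13 trace_id=26 msg="Allowed by Policy-11: AV SNAT" '
    'id=13 trace_id=26 msg="send to application layer" '
    'id=13 trace_id=27 msg="vd-root received a packet(proto=6, 203.0.113.119:8008->192.0.2.6:61106) from local." '
    'id=13 trace_id=27 msg="Find an existing session, id-03392447, reply direction" '
    'id=13 trace_id=28 msg="vd-root received a packet(proto=6, 192.0.2.7:50000->203.0.113.119:8008) from internal." '
    'id=13 trace_id=28 msg="Denied by forward policy check (policy 0)" '
)

def parse_flow(text):
    """Return (trace_id, msg) pairs in the order they appear in the pasted output."""
    return [(int(t), m) for t, m in MSG_RE.findall(text)]

def summarize_flow(text):
    """Group messages by trace_id and record the firewall's verdict for each packet."""
    traces = {}
    for trace_id, msg in parse_flow(text):
        t = traces.setdefault(trace_id, {"verdict": "no verdict",
                                         "policy": None, "session": None})
        pkt = PKT_RE.search(msg)
        if pkt:  # first message of a trace: 5-tuple and ingress interface
            proto, src, sport, dst, dport, iface = pkt.groups()
            t.update(proto=int(proto), src=f"{src}:{sport}",
                     dst=f"{dst}:{dport}", iface=iface)
        elif msg.startswith("Allowed by Policy-"):  # new session matched a policy
            t["verdict"] = "allowed"
            t["policy"] = re.search(r"Policy-(\d+)", msg).group(1)
        elif msg.startswith("Find an existing session"):  # later packets of a flow
            t["verdict"] = "existing session"
            t["session"] = re.search(r"id-([0-9a-f]+)", msg).group(1)
        elif msg.startswith("Denied by") or msg.endswith(", drop"):
            t["verdict"] = "denied"
    return traces

def denied_traces(text):
    """trace_ids the FortiGate dropped; an empty list means nothing matching the filter was blocked."""
    return [tid for tid, t in summarize_flow(text).items() if t["verdict"] == "denied"]
```

Run on the real paste above, an empty denied_traces() result is the machine-checked form of Gerard's reading: every traced packet to port 8008 was either allowed by Policy-11 or matched an existing session, so the FortiGate is not the blocker.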
Not an answer to your question, but I would strongly urge you to change IP addresses and possibly names when posting in a public forum. That small bit of information, taken together, may give an undesirable party enough information to do malicious deeds...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com