Firewall: FortiGate 60F
Firmware: 6.4.8 Build 1914 (GA)
Mode: NAT
NGFW Mode: Profile-based
Central SNAT: Enabled
Switches: S148FP
Switches Firmware: S148FP-v7.0.2-build0049
Issue: VLAN 30 (Workstations) cannot add a printer via TCPIP to VLAN 60 (Printers)
Firewall Policy is set to wide open for traffic to pass either way, but cannot connect any printer.
I have tried to use a NAT rule going both ways with no luck.
Also tried a multicast policy both way with no luck.
Been going back and fourth with a Fortinet tech but have gotten no where.
If more details are required, please let me know.
Any advise would be appreciated.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
OK so that's a packet sniff output. Please go to that doc and do the steps in Step 4 which would be a flow trace.
Here's what it would look like:
diag debug enable
diagnose debug flow filter saddr 10.100.30.22
diagnose debug flow filter daddr 10.100.60.40
diag debug flow show iprope enable
diag debug flow trace start 100
diag debug enable
Please confirm source address (Saddr) and dest address (daddr) makes sense. daddr should be your printer.
After you've entered those commands, run an attempt to add the printer and paste the debug output.
Also of note, the output of the packet cap you pasted only shows SNMP traffic.
Part 1:
# 2022-10-04 13:32:51 id=20085 trace_id=401 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62049->10.100.60.40:161) from Workstations. "
2022-10-04 13:32:51 id=20085 trace_id=401 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b258"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:32:51 id=20085 trace_id=401 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=401 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62049"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=401 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:32:51 id=20085 trace_id=401 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:32:51 id=20085 trace_id=401 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 13:32:51 id=20085 trace_id=402 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62050->10.100.60.40:161) from Workstations. "
2022-10-04 13:32:51 id=20085 trace_id=402 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b259"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:32:51 id=20085 trace_id=402 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=402 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62050"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=402 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:32:51 id=20085 trace_id=402 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:32:51 id=20085 trace_id=402 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 13:32:51 id=20085 trace_id=403 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62051->10.100.60.40:161) from Workstations. "
2022-10-04 13:32:51 id=20085 trace_id=403 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b25a"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:32:51 id=20085 trace_id=403 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=403 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62051"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:32:51 id=20085 trace_id=403 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:32:51 id=20085 trace_id=403 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:32:51 id=20085 trace_id=403 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
"
FT-FW-FORT01 # 2022-10-04 13:33:51 id=20085 trace_id=404 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62052->10.100.60.40:161) from Workstations. "
2022-10-04 13:33:51 id=20085 trace_id=404 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b838"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:33:51 id=20085 trace_id=404 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=404 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62052"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=404 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:33:51 id=20085 trace_id=404 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:33:51 id=20085 trace_id=404 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 13:33:51 id=20085 trace_id=405 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62053->10.100.60.40:161) from Workstations. "
2022-10-04 13:33:51 id=20085 trace_id=405 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b839"
Part 2:
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:33:51 id=20085 trace_id=405 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=405 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62053"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=405 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:33:51 id=20085 trace_id=405 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:33:51 id=20085 trace_id=405 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 13:33:51 id=20085 trace_id=406 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.30.22:62054->10.100.60.40:161) from Workstations. "
2022-10-04 13:33:51 id=20085 trace_id=406 func=init_ip_session_common line=5898 msg="allocate a new session-0af7b83b"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_dnat_check line=5038 msg="in-[Workstations], out-[]"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_dnat_tree_check line=830 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_dnat_check line=5051 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2022-10-04 13:33:51 id=20085 trace_id=406 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.60.40 via Printers"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_fwd_check line=764 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_tree_check line=561 msg="gnum-100004, use addr/intf hash, len=6"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-100004 policy-25, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_user_identity_check line=1768 msg="ret-matched"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check line=2194 msg="gnum-4e20, check-ffffffbffc026b30"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check line=2213 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=406 func=get_new_addr line=1184 msg="find SNAT: IP-10.100.60.1(from IPPOOL), port-62054"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=2165 msg="policy-25 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_fwd_check line=805 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_fwd_auth_check line=824 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-25"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_shaping_check line=913 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check line=2194 msg="gnum-100015, check-ffffffbffc027aa8"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check line=2213 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_policy_group_check line=4488 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_reverse_dnat_check line=1260 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_reverse_dnat_tree_check line=923 msg="len=0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=iprope_central_nat_check line=1283 msg="in-[Workstations], out-[Printers], skb_flags-02000000, vid-0"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-1, ret-no-match, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=1951 msg="checked gnum-10000d policy-0, ret-matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=__iprope_check_one_policy line=2165 msg="policy-0 is matched, act-accept"
2022-10-04 13:33:51 id=20085 trace_id=406 func=fw_snat_check line=501 msg="NAT disabled by central SNAT policy!"
2022-10-04 13:33:51 id=20085 trace_id=406 func=fw_forward_handler line=799 msg="Allowed by Policy-25:"
2022-10-04 13:33:51 id=20085 trace_id=406 func=ipd_post_route_handler line=490 msg="out Printers vwl_zone_id 0, state2 0x1, quality 0.
Created on 10-04-2022 11:04 AM Edited on 10-04-2022 11:04 AM
Looks like SNMP traffic is being sent by windows to determine if printer is offline. It also looks like your Central NAT is applying SNAT on the return traffic breaking the SNMP communication.
Can you post screen shot or output of your Central NAT config?
show firewall central-snat-map
config firewall central-snat-map
edit 2
set uuid f59f132a-67f6-51eb-5165-ebde43ec3727
set srcintf "Legacy"
set dstintf "wan1"
set orig-addr "Internal_IP-Website"
set dst-addr "all"
set nat-ippool "External_IP-Website"
next
edit 3
set uuid 109b99aa-67f7-51eb-66a4-e1b0adf60077
set srcintf "Legacy"
set dstintf "wan1"
set orig-addr "Internal_IP-Exchange"
set dst-addr "all"
set nat-ippool "External_IP-Exchange"
next
edit 1
set uuid 7b5bd8cc-67f2-51eb-0e70-403477a477a1
set srcintf "Freer Guest" "Freer WiFi" "Legacy" "internal" "Workstations" "IOT" "Storage" "Printers" "Servers"
set dstintf "wan1"
set orig-addr "all"
set dst-addr "all"
next
end
Can you do flow trace again but with the reverse saddr and daddrs? So:
diag debug enable
diagnose debug flow filter daddr 10.100.30.22
diagnose debug flow filter saddr 10.100.60.40
diag debug flow show iprope enable
diag debug flow trace start 100
diag debug enable
# 2022-10-04 15:09:03 id=20085 trace_id=407 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:554
39) from Printers. "
2022-10-04 15:09:03 id=20085 trace_id=407 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98570, reply direction"
2022-10-04 15:09:03 id=20085 trace_id=407 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:09:03 id=20085 trace_id=407 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:09:03 id=20085 trace_id=407 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:09:03 id=20085 trace_id=407 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 15:09:03 id=20085 trace_id=408 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:55440) from Printe
rs. "
2022-10-04 15:09:03 id=20085 trace_id=408 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98571, reply direction"
2022-10-04 15:09:03 id=20085 trace_id=408 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:09:03 id=20085 trace_id=408 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:09:03 id=20085 trace_id=408 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:09:03 id=20085 trace_id=408 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 15:09:03 id=20085 trace_id=409 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:55441) from Printe
rs. "
2022-10-04 15:09:03 id=20085 trace_id=409 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98572, reply direction"
2022-10-04 15:09:03 id=20085 trace_id=409 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:09:03 id=20085 trace_id=409 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:09:03 id=20085 trace_id=409 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:09:03 id=20085 trace_id=409 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 15:10:03 id=20085 trace_id=410 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:59786) from Printe
rs. "
2022-10-04 15:10:03 id=20085 trace_id=410 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98a9b, reply direction"
2022-10-04 15:10:03 id=20085 trace_id=410 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:10:03 id=20085 trace_id=410 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:10:03 id=20085 trace_id=410 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:10:03 id=20085 trace_id=410 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 15:10:03 id=20085 trace_id=411 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:59787) from Printe
rs. "
2022-10-04 15:10:03 id=20085 trace_id=411 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98a9c, reply direction"
2022-10-04 15:10:03 id=20085 trace_id=411 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:10:03 id=20085 trace_id=411 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:10:03 id=20085 trace_id=411 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:10:03 id=20085 trace_id=411 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
2022-10-04 15:10:03 id=20085 trace_id=412 func=print_pkt_detail line=5727 msg="vd-root:0 received a packet(proto=17, 10.100.60.40:161->10.100.30.22:59788) from Printe
rs. "
2022-10-04 15:10:03 id=20085 trace_id=412 func=resolve_ip_tuple_fast line=5808 msg="Find an existing session, id-0af98a9d, reply direction"
2022-10-04 15:10:03 id=20085 trace_id=412 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.100.30.22 via Workstations"
2022-10-04 15:10:03 id=20085 trace_id=412 func=npu_handle_session44 line=1161 msg="Trying to offloading session from Printers to Workstations, skb.npu_flag=00000000 s
es.state=00010204 ses.npu_state=0x00000000"
2022-10-04 15:10:03 id=20085 trace_id=412 func=fw_forward_dirty_handler line=397 msg="state=00010204, state2=00000001, npu_state=00000000"
2022-10-04 15:10:03 id=20085 trace_id=412 func=ipd_post_route_handler line=490 msg="out Workstations vwl_zone_id 0, state2 0x1, quality 0.
"
OK it seems windows is using SNMP to poll the printer to see if its online. The FGT is allowing this traffic. So we need to dig deeper to figure out what SNMP is saying and why windows thinks printer is offline.
Can you do a packet capture from the GUI with the appropriate filters for your workstation and printer IP only and UDP port 161. Start the packet cap, try and add the printer, then stop the packet cap and download the pcap and post it here please.
No. Time Source Destination Protocol Length Info
1 0.000000 10.100.30.43 10.100.60.40 SNMP 89 get-request 1.3.6.1.2.1.43.5.1.1.2.1
Frame 1: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.43, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 49261, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
2 0.000987 10.100.60.40 10.100.30.43 SNMP 90 get-response 1.3.6.1.2.1.43.5.1.1.2.1
Frame 2: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.43
User Datagram Protocol, Src Port: 161, Dst Port: 49261
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
3 0.001567 10.100.30.43 10.100.60.40 SNMP 90 get-request 1.3.6.1.2.1.43.7.1.1.4.1.1
Frame 3: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.43, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 49262, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
4 0.002516 10.100.60.40 10.100.30.43 SNMP 92 get-response 1.3.6.1.2.1.43.7.1.1.4.1.1
Frame 4: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.43
User Datagram Protocol, Src Port: 161, Dst Port: 49262
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
5 0.003140 10.100.30.43 10.100.60.40 SNMP 571 set-request 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
Frame 5: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits)
Ethernet II, Src: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.43, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 49263, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
6 0.005329 10.100.60.40 10.100.30.43 SNMP 571 get-response 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
Frame 6: 571 bytes on wire (4568 bits), 571 bytes captured (4568 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: HewlettP_3c:9d:52 (2c:27:d7:3c:9d:52)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.43
User Datagram Protocol, Src Port: 161, Dst Port: 49263
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
7 19.599145 10.100.30.22 10.100.60.40 SNMP 88 get-request 1.3.6.1.2.1.43.5.1.1.2.1
Frame 7: 88 bytes on wire (704 bits), 88 bytes captured (704 bits)
Ethernet II, Src: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.22, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 53785, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
8 19.600132 10.100.60.40 10.100.30.22 SNMP 89 get-response 1.3.6.1.2.1.43.5.1.1.2.1
Frame 8: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.22
User Datagram Protocol, Src Port: 161, Dst Port: 53785
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
9 19.600630 10.100.30.22 10.100.60.40 SNMP 89 get-request 1.3.6.1.2.1.43.7.1.1.4.1.1
Frame 9: 89 bytes on wire (712 bits), 89 bytes captured (712 bits)
Ethernet II, Src: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.22, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 53786, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
10 19.601582 10.100.60.40 10.100.30.22 SNMP 91 get-response 1.3.6.1.2.1.43.7.1.1.4.1.1
Frame 10: 91 bytes on wire (728 bits), 91 bytes captured (728 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.22
User Datagram Protocol, Src Port: 161, Dst Port: 53786
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
11 19.602165 10.100.30.22 10.100.60.40 SNMP 570 set-request 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
Frame 11: 570 bytes on wire (4560 bits), 570 bytes captured (4560 bits)
Ethernet II, Src: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88), Dst: Fortinet_47:fd:88 (e0:23:ff:47:fd:88)
Internet Protocol Version 4, Src: 10.100.30.22, Dst: 10.100.60.40
User Datagram Protocol, Src Port: 53787, Dst Port: 161
Simple Network Management Protocol
No. Time Source Destination Protocol Length Info
12 19.604350 10.100.60.40 10.100.30.22 SNMP 570 get-response 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0 1.3.6.1.4.1.2435.2.3.9.2.11.1.1.0
Frame 12: 570 bytes on wire (4560 bits), 570 bytes captured (4560 bits)
Ethernet II, Src: Fortinet_47:fd:88 (e0:23:ff:47:fd:88), Dst: Giga-Byt_fd:76:88 (1c:1b:0d:fd:76:88)
Internet Protocol Version 4, Src: 10.100.60.40, Dst: 10.100.30.22
User Datagram Protocol, Src Port: 161, Dst Port: 53787
Simple Network Management Protocol
Please do it from the GUI and save the pcap as requested. I need to see the IP payload, not just the headers.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1528 | |
1020 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.