Hi community.
I was testing the RPF feature on FortiOS 6.4, but I think it does not work. Can someone check it?
I followed this website: https://kb.fortinet.com/k....do?externalID=FD30543
My log:
# Enable RPF and Enable Route
id=20085 trace_id=308 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11489->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11489, seq=1."
id=20085 trace_id=308 func=init_ip_session_common line=5836 msg="allocate a new session-00000d55"
id=20085 trace_id=308 func=vf_ip_route_input_common line=2584 msg="find a route: flag=00000000 gw-192.168.50.1 via port1"
id=20085 trace_id=308 func=fw_forward_handler line=796 msg="Allowed by Policy-3: SNAT"
id=20085 trace_id=308 func=__ip_session_run_tuple line=3453 msg="SNAT 10.10.20.20->192.168.50.197:11489"
id=20085 trace_id=308 func=ipd_post_route_handler line=490 msg="out port1 vwl_zone_id 0, state2 0x0, quality 0. "
id=20085 trace_id=309 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11489->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11489, seq=2."
id=20085 trace_id=309 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000d55, original direction"
id=20085 trace_id=309 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=309 func=ip_session_run_all_tuple line=6936 msg="SNAT 10.10.20.20->192.168.50.197:11489"
id=20085 trace_id=310 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11489->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11489, seq=3."
id=20085 trace_id=310 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000d55, original direction"
id=20085 trace_id=310 func=ipv4_fast_cb line=53 msg="enter fast path"

# Enable RPF and Disable Route test #
id=20085 trace_id=313 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11502->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11502, seq=1."
id=20085 trace_id=313 func=init_ip_session_common line=5836 msg="allocate a new session-00000e52"
id=20085 trace_id=313 func=vf_ip_route_input_common line=2584 msg="find a route: flag=00000000 gw-192.168.50.1 via port1"
id=20085 trace_id=313 func=fw_forward_handler line=796 msg="Allowed by Policy-3: SNAT"
id=20085 trace_id=313 func=__ip_session_run_tuple line=3453 msg="SNAT 10.10.20.20->192.168.50.197:11502"
id=20085 trace_id=313 func=ipd_post_route_handler line=490 msg="out port1 vwl_zone_id 0, state2 0x0, quality 0. "
id=20085 trace_id=314 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11502->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11502, seq=2."
id=20085 trace_id=314 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000e52, original direction"
id=20085 trace_id=314 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=314 func=ip_session_run_all_tuple line=6936 msg="SNAT 10.10.20.20->192.168.50.197:11502"
id=20085 trace_id=315 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11502->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11502, seq=3."
id=20085 trace_id=315 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000e52, original direction"
id=20085 trace_id=315 func=ipv4_fast_cb line=53 msg="enter fast path"

# Disable RPF and Disable Route test #
id=20085 trace_id=323 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11506->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11506, seq=1."
id=20085 trace_id=323 func=init_ip_session_common line=5836 msg="allocate a new session-00000f80"
id=20085 trace_id=323 func=vf_ip_route_input_common line=2584 msg="find a route: flag=00000000 gw-192.168.50.1 via port1"
id=20085 trace_id=323 func=fw_forward_handler line=796 msg="Allowed by Policy-3: SNAT"
id=20085 trace_id=323 func=__ip_session_run_tuple line=3453 msg="SNAT 10.10.20.20->192.168.50.197:11506"
id=20085 trace_id=323 func=ipd_post_route_handler line=490 msg="out port1 vwl_zone_id 0, state2 0x0, quality 0. "
id=20085 trace_id=324 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11506->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11506, seq=2."
id=20085 trace_id=324 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000f80, original direction"
id=20085 trace_id=324 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=324 func=ip_session_run_all_tuple line=6936 msg="SNAT 10.10.20.20->192.168.50.197:11506"
id=20085 trace_id=325 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11506->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11506, seq=3."
id=20085 trace_id=325 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000f80, original direction"
id=20085 trace_id=325 func=ipv4_fast_cb line=53 msg="enter fast path"

# Disable RPF and Enable Route test #
id=20085 trace_id=328 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11508->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11508, seq=1."
id=20085 trace_id=328 func=init_ip_session_common line=5836 msg="allocate a new session-00000fe0"
id=20085 trace_id=328 func=vf_ip_route_input_common line=2584 msg="find a route: flag=00000000 gw-192.168.50.1 via port1"
id=20085 trace_id=328 func=fw_forward_handler line=796 msg="Allowed by Policy-3: SNAT"
id=20085 trace_id=328 func=__ip_session_run_tuple line=3453 msg="SNAT 10.10.20.20->192.168.50.197:11508"
id=20085 trace_id=328 func=ipd_post_route_handler line=490 msg="out port1 vwl_zone_id 0, state2 0x0, quality 0. "
id=20085 trace_id=329 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11508->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11508, seq=2."
id=20085 trace_id=329 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000fe0, original direction"
id=20085 trace_id=329 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=329 func=ip_session_run_all_tuple line=6936 msg="SNAT 10.10.20.20->192.168.50.197:11508"
id=20085 trace_id=330 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11508->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11508, seq=3."
id=20085 trace_id=330 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000fe0, original direction"
id=20085 trace_id=330 func=ipv4_fast_cb line=53 msg="enter fast path"
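
Added example (not part of the original post and not Fortinet code): a small Python parser for debug flow records like the ones above, which groups them by trace_id and reports whether each trace was forwarded, matched an existing session, or hit a reverse-path drop. The sample mixes two traces from the post with one constructed drop trace; the func name, line number and source address on the constructed records are assumptions.

```python
import re

# One debug-flow record; findall copes with output pasted as one long line.
REC = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="([^"]*)"')
PKT = re.compile(r'received a packet\(proto=\d+, (\S+?):\d+->(\S+?):\d+\) from (.+?)\.\s')
ROUTE = re.compile(r'find a route: .*gw-(\S+) via (\S+)')
POLICY = re.compile(r'Allowed by Policy-(\d+)')
RPF_DROP = "reverse path check fail, drop"  # message logged when RPF drops a packet

def summarize(text):
    """Group records by trace_id and return {trace_id: summary dict}."""
    traces = {}
    for tid, _func, msg in REC.findall(text):
        t = traces.setdefault(int(tid), {"src": None, "in_if": None, "route": None,
                                         "policy": None, "verdict": "unknown"})
        if m := PKT.search(msg):
            t["src"], t["in_if"] = m.group(1), m.group(3)
        elif m := ROUTE.search(msg):
            t["route"] = f"{m.group(1)} via {m.group(2)}"
        elif m := POLICY.search(msg):
            t["policy"], t["verdict"] = int(m.group(1)), "forwarded"
        elif "Find an existing session" in msg:
            t["verdict"] = "existing-session"  # no new route lookup in this trace
        elif RPF_DROP in msg:
            t["verdict"] = "rpf-drop"
    return traces

SAMPLE = (
    # Taken from the post (traces 308 and 309), run together as pasted.
    'id=20085 trace_id=308 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11489->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11489, seq=1." '
    'id=20085 trace_id=308 func=vf_ip_route_input_common line=2584 msg="find a route: flag=00000000 gw-192.168.50.1 via port1" '
    'id=20085 trace_id=308 func=fw_forward_handler line=796 msg="Allowed by Policy-3: SNAT" '
    'id=20085 trace_id=309 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 10.10.20.20:11489->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=11489, seq=2." '
    'id=20085 trace_id=309 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-00000d55, original direction" '
    # Constructed (not from the post): a packet whose source fails the RPF check.
    'id=20085 trace_id=900 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=1, 172.16.99.9:1->1.1.1.1:2048) from DMZ Network. type=8, code=0, id=1, seq=1." '
    'id=20085 trace_id=900 func=ip_route_input_slow line=0 msg="reverse path check fail, drop"'
)

if __name__ == "__main__":
    for tid, info in summarize(SAMPLE).items():
        print(tid, info)
```

Run over the four test captures in the post, every first-packet trace comes out as forwarded by Policy-3 and none contains the drop message.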