Vincentredont
New Contributor II

SSL VPN: Windows server 2022 File share works with Windows computer but not with MacOS

Hi all,

We have upgraded our Windows server to the 2022 version and since this update, no macOS computer can access the file share.

 

No firewall activated on windows server.

No specific GPOs are set on the Windows server.

I tried to connect the share with the short name, fqdn name and IP address, no success. (smb://shortname...)

 

No problem with windows computer.

 

We have a file share on Windows Server 2012 R2 (not upgraded) and macOS can access that file share.

 

thank you for your help.

 

 

ozkanaltas
Contributor III

Hello @Vincentredont ,

 

I saw a few users on the internet who faced the same issue. But they couldn't find any solution for that. I have a couple of questions for you.

 

- Does this issue happen only with a VPN connection?
- Do you see any block logs in your firewall logs?
- I saw an article about Windows Server 2022 SMB shares. If you enable encryption on the server side, this feature opens SMBv3. For this feature, you need to do configuration on the macOS side. Did you enable encryption on the server side?

 

Also, can you share these debug command outputs with us? After running these commands, you need to try to access the file server from a macOS computer.

 

diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset

diagnose debug flow filter saddr  <Source_IP_Of_MacOS>
diagnose debug flow filter daddr <File_server_IP>
diagnose debug flow trace start 100
diagnose debug enable
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
Vincentredont
New Contributor II

Hello @ozkanaltas,

 

Thank you for your help.

 

This issue happens only with a VPN connection. No problem on the local network.

We don't use SMB encryption or compression on the Windows server. I already checked that.

In the firewall log, we can't see any blocks. Just a TCP reset from the client on the Samba port (139).

You can see below the results of the command lines:

 

id=20085 trace_id=1 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [S], seq 1660616953, ack 0, win 65535"
id=20085 trace_id=1 func=init_ip_session_common line=6046 msg="allocate a new session-44329a3f, tun_id=0.0.0.0"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-192.168.102.5 via NETWORKCONNECTOR"
id=20085 trace_id=1 func=fw_forward_handler line=881 msg="Allowed by Policy-415: AV"
id=20085 trace_id=1 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=2 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 1660616954, ack 587672009, win 2052"
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=2 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000400 ses.state=05000306 ses.npu_state=0x00000100"
id=20085 trace_id=2 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00000100"
id=20085 trace_id=2 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=3 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [S], seq 4161175205, ack 0, win 14600"
id=20085 trace_id=3 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=4 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 4161175206, ack 627340421, win 15"
id=20085 trace_id=4 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=5 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49555->IPDESTINATION:139) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [S], seq 581561252, ack 0, win 65535"
id=20085 trace_id=5 func=init_ip_session_common line=6046 msg="allocate a new session-44329a5e, tun_id=0.0.0.0"
id=20085 trace_id=5 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-192.168.102.5 via NETWORKCONNECTOR"
id=20085 trace_id=5 func=fw_forward_handler line=881 msg="Allowed by Policy-415:"
id=20085 trace_id=6 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [F.], seq 1660616954, ack 587672009, win 2052"
id=20085 trace_id=6 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=6 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000000 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=6 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=6 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=7 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [S], seq 3039071319, ack 0, win 65535"
id=20085 trace_id=7 func=init_ip_session_common line=6046 msg="allocate a new session-44329a7e, tun_id=0.0.0.0"
id=20085 trace_id=8 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [F.], seq 4161175206, ack 627340421, win 15"
id=20085 trace_id=8 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=7 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-192.168.102.5 via NETWORKCONNECTOR"
id=20085 trace_id=7 func=fw_forward_handler line=881 msg="Allowed by Policy-415: AV"
id=20085 trace_id=7 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=9 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 3039071320, ack 2392491819, win 57859"
id=20085 trace_id=9 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=9 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000400 ses.state=05000306 ses.npu_state=0x00000100"
id=20085 trace_id=9 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00000100"
id=20085 trace_id=9 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=10 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49555->IPDESTINATION:139) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [R], seq 581561253, ack 0, win 0"
id=20085 trace_id=10 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a5e, original direction"
id=20085 trace_id=10 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000000 ses.state=05000204 ses.npu_state=0x00040108"
id=20085 trace_id=10 func=fw_forward_dirty_handler line=410 msg="state=05000204, state2=00000001, npu_state=00040108"
id=20085 trace_id=11 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [S], seq 1640407227, ack 0, win 14600"
id=20085 trace_id=11 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=12 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 1640407228, ack 3260325699, win 15"
id=20085 trace_id=12 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=13 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 1660616955, ack 587672010, win 2052"
id=20085 trace_id=13 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=13 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000000 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=13 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=13 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=14 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 3039071320, ack 2392491819, win 57859"
id=20085 trace_id=14 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=14 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000400 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=14 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=14 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=15 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 1640407228, ack 3260325699, win 15"
id=20085 trace_id=15 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=16 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 1640407301, ack 3260325951, win 16"
id=20085 trace_id=16 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=17 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 3039071393, ack 2392492071, win 57857"
id=20085 trace_id=17 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=17 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000400 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=17 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=17 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=18 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 3039071393, ack 2392492071, win 57857"
id=20085 trace_id=18 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=18 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000400 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=18 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=18 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=19 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 1640407301, ack 3260325951, win 16"
id=20085 trace_id=19 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=20 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [.], seq 1640407535, ack 3260326285, win 17"
id=20085 trace_id=20 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=21 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [F.], seq 1640407535, ack 3260326285, win 17"
id=20085 trace_id=21 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=22 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [.], seq 3039071627, ack 2392492072, win 57857"
id=20085 trace_id=22 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=22 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000000 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=22 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=22 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=23 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49556->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [F.], seq 3039071627, ack 2392492072, win 57857"
id=20085 trace_id=23 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a7e, original direction"
id=20085 trace_id=23 func=npu_handle_session44 line=1183 msg="Trying to offloading session from ssl.VIRTUALDOMAIN to NETWORKCONNECTOR, skb.npu_flag=00000000 ses.state=05000306 ses.npu_state=0x00040108"
id=20085 trace_id=23 func=fw_forward_dirty_handler line=410 msg="state=05000306, state2=00000001, npu_state=00040108"
id=20085 trace_id=23 func=av_receive line=434 msg="send to application layer"

 

 

 

Vincentredont
New Contributor II

Hello @ozkanaltas 

 

Thank you for your help.

 

On the local network, we have no problem. The file share is accessible from macOS computers.

In the firewall logs, we can't see any blocks. Only a TCP reset on the Samba protocol (port 139).

We don't set SMB encryption or compression on the Windows server. I checked that.

You can see below the results of the command line:


 

 

ozkanaltas

Hello @Vincentredont ,

 

Do you use any security profile on policy 415? If you say yes, can you test traffic without a security profile? 

Vincentredont
New Contributor II

Hello @ozkanaltas ,

 

My colleague has disabled the security policy 415 and now it works!

This policy is used for FortiClient antivirus and blocks traffic.

My colleague will work on it to resolve this issue.

It's very strange because with the same policy, you can access all Windows servers on 2012 R2 but you can't on 2022.

 

Thank you very very much for your help !
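
An added example, not part of any post in this thread and not Fortinet code: a small Python parser that groups `diagnose debug flow` lines like the ones posted above by firewall session and reports which sessions the policy handed to a security profile, which is the question asked about policy 415. The regular expressions assume the line layout seen in this thread's output, and the function names are hypothetical.

```python
import re

# Excerpt of the `diagnose debug flow` output posted in the thread. Placeholders
# such as IPSOURCE are as posted; lines not needed for the summary are omitted.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [S], seq 1660616953, ack 0, win 65535"
id=20085 trace_id=1 func=init_ip_session_common line=6046 msg="allocate a new session-44329a3f, tun_id=0.0.0.0"
id=20085 trace_id=1 func=fw_forward_handler line=881 msg="Allowed by Policy-415: AV"
id=20085 trace_id=1 func=av_receive line=434 msg="send to application layer"
id=20085 trace_id=3 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49554->IPDESTINATION:445) tun_id=0.0.0.0 from local. flag [S], seq 4161175205, ack 0, win 14600"
id=20085 trace_id=3 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a3f, original direction"
id=20085 trace_id=5 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49555->IPDESTINATION:139) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [S], seq 581561252, ack 0, win 65535"
id=20085 trace_id=5 func=init_ip_session_common line=6046 msg="allocate a new session-44329a5e, tun_id=0.0.0.0"
id=20085 trace_id=5 func=fw_forward_handler line=881 msg="Allowed by Policy-415:"
id=20085 trace_id=10 func=print_pkt_detail line=5867 msg="vd-VIRTUALDOMAIN:0 received a packet(proto=6, IPSOURCE:49555->IPDESTINATION:139) tun_id=0.0.0.0 from ssl.VIRTUALDOMAIN. flag [R], seq 581561253, ack 0, win 0"
id=20085 trace_id=10 func=resolve_ip_tuple_fast line=5953 msg="Find an existing session, id-44329a5e, original direction"
"""

LINE_RE = re.compile(r'trace_id=(\d+) func=(\w+) line=\d+ msg="(.*)"')
PKT_RE = re.compile(
    r'\(proto=\d+, [^\s:]+:\d+->[^\s:]+:(\d+)\).* from (\S+)\. flag \[([^\]]+)\]')
SESSION_RE = re.compile(r'session(?:-|, id-)([0-9a-f]+)')
POLICY_RE = re.compile(r'Allowed by Policy-(\d+):\s*(.*)')


def summarize(trace_text):
    """Group trace lines by packet (trace_id), then by firewall session."""
    packets = {}
    for raw in trace_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        # Lines of different packets can interleave, so key on trace_id.
        pkt = packets.setdefault(tid, {"inspected": False})
        if func == "print_pkt_detail" and (p := PKT_RE.search(msg)):
            pkt.update(dport=int(p.group(1)), iface=p.group(2), flags=p.group(3))
        elif func == "fw_forward_handler" and (p := POLICY_RE.search(msg)):
            # Text after the colon lists the profiles applied ("AV" in the thread).
            pkt.update(policy=int(p.group(1)), profiles=p.group(2).split())
        elif func == "av_receive" and "send to application layer" in msg:
            pkt["inspected"] = True
        elif (p := SESSION_RE.search(msg)):
            pkt["session"] = p.group(1)

    sessions = {}
    for tid in sorted(packets):
        pkt = packets[tid]
        if "session" not in pkt or "dport" not in pkt:
            continue  # incomplete record, e.g. the trace was cut off
        s = sessions.setdefault(pkt["session"], {
            "dport": pkt["dport"], "policy": None, "profiles": [],
            "inspected": False, "client_flags": [], "local_flags": []})
        if "policy" in pkt:
            s["policy"], s["profiles"] = pkt["policy"], pkt["profiles"]
        s["inspected"] = s["inspected"] or pkt["inspected"]
        # "from local" packets originate on the FortiGate itself; everything
        # else here arrives from the SSL VPN interface (the client side).
        side = "local_flags" if pkt["iface"] == "local" else "client_flags"
        s[side].append(pkt["flags"])
    return sessions


def sessions_to_retest(sessions):
    """Sessions handed to a security profile: retest these without it."""
    return sorted(sid for sid, s in sessions.items()
                  if s["inspected"] or s["profiles"])


if __name__ == "__main__":
    result = summarize(SAMPLE_TRACE)
    for sid, s in result.items():
        print(f"session {sid} dport={s['dport']} policy={s['policy']} "
              f"profiles={s['profiles']} inspected={s['inspected']} "
              f"client={s['client_flags']} local={s['local_flags']}")
    print("retest without security profile:", sessions_to_retest(result))
```

On the excerpt, the port 445 session is the one sent to the application layer by policy 415, while the port 139 session that the client resets carries no profile.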
