In the session list below, I can see a reference to device/interface index 0 (see "dev=0->0/0->0"), but "diagnose sys device list" does not show such an index. What is device/interface index 0?
# diagnose sys session list
:
session info: proto=17 proto_state=00 duration=134 expire=45 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log dirty may_dirty npu f00
statistic(bytes/packets/allow_err): org=76/1/1 reply=0/0/0 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=0->0/0->0 gwy=0.0.0.0/0.0.0.0
hook=pre dir=org act=noop censored1:48499->censored2:123(0.0.0.0:0)
hook=post dir=reply act=noop censored2:123->censored1:48499(0.0.0.0:0)
misc=0 policy_id=18 auth_info=0 chk_client_info=0 vd=1
serial=e01d0871 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=0 sdwan_service_id=0
rpdb_link_id=00000000 rpdb_svc_id=0 ngfwid=n/a
npu_state=00000000
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0x0000/0x0000
vlifid=0/0, vtag_in=0x0000/0x0000 in_npu=0/0, out_npu=0/0, fwd_en=0/0, qid=0/0
no_ofld_reason
:
I would assume dev=0 means itself, because my own 40F's NTP session (UDP(17) 123) originates from dev=0. But I don't understand your case, because the destination is also 0 and policy_id is 18. What's in policy #18?
Toshi
Created on 10-10-2023 09:30 PM Edited on 10-10-2023 09:32 PM
Hi Toshi, here:
config vdom
edit censored-vdom
config firewall policy
:
edit 18
set uuid censored
set srcintf "censored-zone"
set dstintf "censored-npu0_vlink1"
set srcaddr "censored-addgrp"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
next
:
Created on 10-10-2023 09:52 PM Edited on 10-10-2023 09:54 PM
I think it speaks for itself.
Zones include multiple interfaces, so IDs can't be set. Packets to npu_vlinks are offloaded from the CPU and managed by the NPU, so they probably don't need dev IDs.
Edit: also, does this vdom happen to be in transparent mode? I didn't see any gateway info either.
Toshi
Created on 10-10-2023 10:09 PM Edited on 10-10-2023 10:28 PM
The following is from exactly the same "diagnose sys session list" printout (but for a TCP session, not UDP).
session info: proto=6 proto_state=06 duration=0 expire=4 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty npu synced f00
statistic(bytes/packets/allow_err): org=164/3/1 reply=112/2/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=61->57/57->61 gwy=172.28.censored/172.28.censored
hook=pre dir=org act=noop censored3:48232->censored3:80(0.0.0.0:0)
hook=post dir=reply act=noop censored4:80->censored3:48232(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=18 auth_info=0 chk_client_info=0 vd=1
serial=e01fcb30 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=0 sdwan_service_id=0
rpdb_link_id=00000000 rpdb_svc_id=0 ngfwid=n/a
npu_state=0x000c00
npu info: flag=0x91/0x81, offload=8/8, ips_offload=0/0, epid=140/355, ipid=355/141, vlan=0x00ae/0x0802
vlifid=194/141, vtag_in=0x00ae/0x0802 in_npu=2/1, out_npu=1/1, fwd_en=1/0, qid=4/4
Device index 61 is for a VLAN-type interface that's a member of the censored-zone zone, and 57 is for the VLAN-type interface censored-npu0_vlink1; these are indeed as expected.
So, if the original printout "speaks for itself", then I'm missing it...
Then my interpretation must be wrong.
Toshi
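As an added example (not from the thread and not FortiOS code), here is a small Python parser for "diagnose sys session list" output that pulls out the fields the two posters are comparing: protocol, policy, the dev index tuple (org pre->post / reply pre->post), the gateways and the NPU "offload=" counters. The sample input is a constructed, abbreviated copy of the two entries posted above, with the poster's "censored" placeholders kept as-is. The offload check (state flag "npu" together with non-zero "offload=" counters) is my own heuristic, not something the thread establishes.

```python
"""Parse FortiGate `diagnose sys session list` output into structured records.

Added example, not FortiOS code. Flags sessions whose dev tuple contains
index 0 (the thread's question) next to the NPU offload counters so the two
can be compared entry by entry.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: abbreviated copy of the two entries in the thread.
SAMPLE = """\
session info: proto=17 proto_state=00 duration=134 expire=45 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
state=log dirty may_dirty npu f00
orgin->sink: org pre->post, reply pre->post dev=0->0/0->0 gwy=0.0.0.0/0.0.0.0
hook=pre dir=org act=noop censored1:48499->censored2:123(0.0.0.0:0)
misc=0 policy_id=18 auth_info=0 chk_client_info=0 vd=1
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0x0000/0x0000
no_ofld_reason
session info: proto=6 proto_state=06 duration=0 expire=4 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=4
state=log may_dirty npu synced f00
orgin->sink: org pre->post, reply pre->post dev=61->57/57->61 gwy=172.28.censored/172.28.censored
hook=pre dir=org act=noop censored3:48232->censored3:80(0.0.0.0:0)
misc=0 policy_id=18 auth_info=0 chk_client_info=0 vd=1
npu info: flag=0x91/0x81, offload=8/8, ips_offload=0/0, epid=140/355, ipid=355/141, vlan=0x00ae/0x0802
"""


@dataclass(frozen=True)
class Session:
    proto: int
    policy_id: int
    vd: int
    state: tuple                 # words of the "state=" line
    dev: tuple                   # (org_pre, org_post, reply_pre, reply_post)
    gwy: tuple                   # (org gateway, reply gateway)
    offload: tuple               # (org, reply) "offload=" counters, (0, 0) if absent
    no_ofld_reason: Optional[str]  # text after "no_ofld_reason", None if no such line


def _int_field(block, name):
    # \b keeps "proto=" from matching "proto_state=" and "offload=" from "ips_offload="
    m = re.search(rf"\b{name}=(\d+)", block)
    if not m:
        raise ValueError(f"{name}= not found in session entry")
    return int(m.group(1))


def parse_session_list(text):
    """Split the dump into entries (each starts with 'session info:') and parse them."""
    entries, current = [], []
    for line in text.splitlines():
        if line.startswith("session info:"):
            if current:
                entries.append("\n".join(current))
            current = []
        elif not current:
            continue  # preamble such as the command echo or ':' truncation marks
        current.append(line)
    if current:
        entries.append("\n".join(current))

    sessions = []
    for block in entries:
        dev = re.search(r"dev=(\d+)->(\d+)/(\d+)->(\d+)", block)
        gwy = re.search(r"gwy=(\S+)/(\S+)", block)
        off = re.search(r"\boffload=(\d+)/(\d+)", block)
        state = re.search(r"^state=(.*)$", block, re.M)
        reason = re.search(r"^no_ofld_reason(.*)$", block, re.M)
        if not (dev and gwy and state):
            raise ValueError("entry is missing its dev/gwy or state line")
        sessions.append(Session(
            proto=_int_field(block, "proto"),
            policy_id=_int_field(block, "policy_id"),
            vd=_int_field(block, "vd"),
            state=tuple(state.group(1).split()),
            dev=tuple(int(x) for x in dev.groups()),
            gwy=(gwy.group(1), gwy.group(2)),
            offload=tuple(int(x) for x in off.groups()) if off else (0, 0),
            no_ofld_reason=reason.group(1).strip() if reason else None,
        ))
    return sessions


def unresolved_dev(s):
    """Index 0 anywhere in the dev tuple: the asker reports that
    `diagnose sys device list` shows no such index."""
    return 0 in s.dev


def npu_offloaded(s):
    """Heuristic (assumption, not from the thread): the 'npu' state flag plus
    non-zero offload= counters on the 'npu info' line."""
    return "npu" in s.state and s.offload != (0, 0)


def describe(s):
    return (f"proto={s.proto} policy_id={s.policy_id} vd={s.vd} "
            f"dev={s.dev[0]}->{s.dev[1]}/{s.dev[2]}->{s.dev[3]} "
            f"dev_unresolved={'yes' if unresolved_dev(s) else 'no'} "
            f"npu_offloaded={'yes' if npu_offloaded(s) else 'no'}")


if __name__ == "__main__":
    for sess in parse_session_list(SAMPLE):
        print(describe(sess))
```

Run against a full dump saved from the CLI, the one-line summaries make it easy to see whether the dev=0 entries correlate with a particular policy, protocol or offload state, which is the comparison the thread was doing by hand.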