Why does policy-id-6 appear? What is its significance? There is no policy-id-6 in the actual policy,

justin_zhan · ‎09-22-2024

FortiGate-40F # diagnose debug flow filter saddr 192.168.1.111

FortiGate-40F # diagnose debug flow filter daddr 223.6.6.6

FortiGate-40F # diagnose debug console timestamp enable

FortiGate-40F # diagnose debug flow show function-name enable

FortiGate-40F # diagnose debug flow show iprope enable

FortiGate-40F # diagnose debug enable

FortiGate-40F # diagnose debug flow trace start 20

FortiGate-40F # 2024-09-23 11:35:44 id=65308 trace_id=44 func=print_pkt_detail line=5903 msg="vd-root:0 received a packet(proto=1, 192.168.
1.111:1->223.6.6.6:2048) tun_id=0.0.0.0 from lan. type=8, code=0, id=1, seq=15."
2024-09-23 11:35:44 id=65308 trace_id=44 func=init_ip_session_common line=6096 msg="allocate a new session-00021434"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_dnat_check line=5521 msg="in-[lan], out-[]"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_dnat_tree_check line=836 msg="len=0"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_dnat_check line=5546 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept,
flag-00000000"
2024-09-23 11:35:44 id=65308 trace_id=44 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-10.205.101.1 via wan"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_fwd_check line=817 msg="in-[lan], out-[wan], skb_flags-02000000, vid-0, app_id: 0, u
rl_cat_id: 0"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_tree_check line=539 msg="gnum-100004, use addr/intf hash, len=2"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check_one_policy line=2159 msg="checked gnum-100004 policy-2, ret-matched, act-accep
t"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_user_identity_check line=1922 msg="ret-matched"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check line=2425 msg="gnum-4e20, check-ffffffbffc02c644"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check_one_policy line=2159 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept
"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check_one_policy line=2159 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept
"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check_one_policy line=2159 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept
"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check line=2442 msg="gnum-4e20 check result: ret-no-match, act-accept, flag-00000000
, flag2-00000000"
2024-09-23 11:35:44 id=65308 trace_id=44 func=get_new_addr line=1289 msg="find SNAT: IP-10.205.101.7(from IPPOOL), port-5118"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_check_one_policy line=2395 msg="policy-2 is matched, act-accept"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__iprope_fwd_check line=854 msg="after iprope_captive_check(): is_captive-0, ret-matched, act
-accept, idx-2"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_fwd_auth_check line=883 msg="after iprope_captive_check(): is_captive-0, ret-matched,
act-accept, idx-2"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_reverse_dnat_check line=1369 msg="in-[lan], out-[wan], skb_flags-02000000, vid-0"
2024-09-23 11:35:44 id=65308 trace_id=44 func=iprope_reverse_dnat_tree_check line=928 msg="len=0"
2024-09-23 11:35:44 id=65308 trace_id=44 func=fw_forward_handler line=993 msg="Allowed by Policy-2: SNAT"
2024-09-23 11:35:44 id=65308 trace_id=44 func=__ip_session_run_tuple line=3450 msg="SNAT 192.168.1.111->10.205.101.7:5118"
2024-09-23 11:35:45 id=65308 trace_id=45 func=print_pkt_detail line=5903 msg="vd-root:0 received a packet(proto=1, 192.168.1.111:1->223.6.6
.6:2048) tun_id=0.0.0.0 from lan. type=8, code=0, id=1, seq=16."
2024-09-23 11:35:45 id=65308 trace_id=45 func=resolve_ip_tuple_fast line=5998 msg="Find an existing session, id-00021434, original directio
n"
2024-09-23 11:35:45 id=65308 trace_id=45 func=npu_handle_session44 line=1222 msg="Trying to offloading session from lan to wan, skb.npu_fla
g=00000400 ses.state=00000204 ses.npu_state=0x00000001"
2024-09-23 11:35:45 id=65308 trace_id=45 func=fw_forward_dirty_handler line=444 msg="state=00000204, state2=00000001, npu_state=00000001"
2024-09-23 11:35:45 id=65308 trace_id=45 func=__ip_session_run_tuple line=3450 msg="SNAT 192.168.1.111->10.205.101.7:5118"

Why does policy-id-6 appear? What is its significance? There is no policy-id-6 in the actual policy of my firewall

为什么会出现 policy-id-6？它的意义是什么？

在我防火墙实际的policy中并没有policy-id-6

配置：

FortiGate-40F (policy) # show
config firewall policy
edit 2
set name "any"
set uuid d7197e1a-7727-51ef-68aa-8a95aebb35b1
set srcintf "any"
set dstintf "any"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set auto-asic-offload disable
set nat enable
next
end

hrahuman_FTNT · ‎09-22-2024

Dear Customer,

It can be possible from iprope cache,

kindly run " diagnose firewall iprope list"

check the cache then iprope cache clear the " diagnose firewall iprope clear" then " diagnose firewall iprope list".

-Habeeb

justin_zhan · ‎09-23-2024

Thank you for your answer！

FortiGate-40F # diagnose firewall iprope clear
clear group idx ...

FortiGate-40F # diagnose firewall iprope list

Policy Group 00004e20

policy index=6 uuid_idx=0 action=accept
flag (20a00008): redir a_i nlb ha_replicate
schedule()
cos_fwd=0 cos_rev=0
group=00004e20 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x0:5060/(0,65535)->(5060,5060)] flags:0 helper:auto

policy index=6 uuid_idx=0 action=accept
flag (20a00008): redir a_i nlb ha_replicate
flag2 (800000): inherit-sockport
schedule()
cos_fwd=0 cos_rev=0
group=00004e20 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:5060/(0,65535)->(5060,5060)] flags:0 helper:auto

policy index=6 uuid_idx=0 action=accept
flag (a00008): redir a_i nlb
schedule()
cos_fwd=0 cos_rev=0
group=00004e20 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x0:0/(0,65535)->(2000,2000)] flags:0 helper:auto

Policy Group 00100000

policy index=4294967295 uuid_idx=0 action=drop
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=00100000 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): -1 -> zone(1): -1
source(1): 0.0.0.0-0.0.0.0, uuid_idx=0,
dest(1): 0.0.0.0-0.0.0.0, uuid_idx=0,
service(0):

Policy Group 00000001

policy index=4294967295 uuid_idx=0 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=00000001 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(53,53)] flags:0 helper:auto

Policy Group 00100002

policy index=4294967295 uuid_idx=0 action=drop
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=00100002 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): -1 -> zone(1): -1
source(1): 0.0.0.0-0.0.0.0, uuid_idx=0,
dest(1): 0.0.0.0-0.0.0.0, uuid_idx=0,
service(0):

Policy Group 00000003

policy index=4294967295 uuid_idx=0 action=accept
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(53,53)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10300/(0,65535)->(21,21)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10400/(0,65535)->(23,23)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(80,80)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(1000,1000)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(443,443)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(1003,1003)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=drop
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,65535)->(0,0)] flags:4 helper:auto

Policy Group 00100003

policy index=0 uuid_idx=1 action=drop
flag (8010800): d_rm master pol_stats
flag2 (4000): resolve_sso
flag3 (100): last-deny
schedule()
cos_fwd=0 cos_rev=0
group=00100003 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Policy Group 00000004

policy index=4294967295 uuid_idx=0 action=accept
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(53,53)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10300/(0,65535)->(21,21)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10400/(0,65535)->(23,23)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(80,80)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(1000,1000)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(443,443)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(1003,1003)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=drop
flag (20): auth
schedule()
cos_fwd=0 cos_rev=0
group=00000004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,65535)->(0,0)] flags:4 helper:auto

Policy Group 00100004

policy index=2 uuid_idx=651 action=accept
flag (8050109): log redir nat master use_src pol_stats
flag2 (6200): no_asic log_fail resolve_sso
flag3 (100000a0): link-local best-route no-vwp
flag4 (200): port-preserve
schedule(always)
cos_fwd=255 cos_rev=255
group=00100004 av=00004e20 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=552,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=552,
service(1):
[0:0x0:0/(0,65535)->(0,65535)] flags:0 helper:auto

policy index=0 uuid_idx=1 action=drop
flag (8010800): d_rm master pol_stats
flag2 (4000): resolve_sso
flag3 (100): last-deny
schedule()
cos_fwd=0 cos_rev=0
group=00100004 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Policy Group 00000005

policy index=4294967295 uuid_idx=0 action=accept
flag (0):
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(53,53)] flags:0 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (8): redir
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(80,80)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (8): redir
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10000/(0,65535)->(1000,1000)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (8): redir
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(443,443)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=redirect
flag (8): redir
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10100/(0,65535)->(1003,1003)] flags:4 helper:auto

policy index=4294967295 uuid_idx=0 action=drop
flag (0):
flag2 (80000000): captive-portal
schedule()
cos_fwd=0 cos_rev=0
group=00000005 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,65535)->(0,65535)] flags:0 helper:auto

Policy Group 00000008

policy index=4294967295 uuid_idx=0 action=redirect
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=00000008 av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x4:10200/(0,65535)->(80,80)] flags:4 helper:auto

Policy Group 0010000a

policy index=4294967295 uuid_idx=30 action=drop
flag (800): d_rm
schedule()
cos_fwd=0 cos_rev=0
group=0010000a av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Policy Group 0010000c

policy index=4294967295 uuid_idx=0 action=redirect
flag (8000000): pol_stats
schedule()
sockport=1011 cos_fwd=0 cos_rev=0
group=0010000c av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
service(1):
[6:0x4:1011/(0,65535)->(80,80)] flags:0 helper:auto

Policy Group 0010000d

policy index=0 uuid_idx=0 action=accept
flag (8000000): pol_stats
flag3 (4100): last-deny snat-deny
schedule()
cos_fwd=0 cos_rev=0
group=0010000d av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Policy Group 0010000e

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(123,123)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(0,0)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x0:0/(0,65535)->(443,443)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(7):
[17:0x0:0/(0,65535)->(500,500)] flags:0 helper:auto
[6:0x0:0/(0,65535)->(4500,4500)] flags:0 helper:auto
[17:0x0:0/(0,65535)->(4500,4500)] flags:0 helper:auto
[17:0x0:0/(0,65535)->(1144,1144)] flags:0 helper:auto
[17:0x0:0/(0,65535)->(2000,2000)] flags:0 helper:auto
[17:0x0:0/(0,65535)->(3799,3799)] flags:0 helper:auto
[17:0x0:0/(0,65535)->(8014,8014)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(4):
[17:0x0:0/(0,65535)->(520,520)] flags:0 helper:auto
[89:0x0:0/(0,65535)->(0,65535)] flags:0 helper:auto
[2:0x0:0/(0,65535)->(0,65535)] flags:0 helper:auto
[103:0x0:0/(0,65535)->(0,65535)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 18 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(67,67)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(67,67)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 18 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(3): 192.168.1.99-192.168.1.99, uuid_idx=0, 224.0.1.140-224.0.1.140, uuid_idx=0, 255.255.255.255-255.255.255.255, uuid_idx=0,
service(4):
[17:0x0:9500/(0,65535)->(5246,5246)] flags:0 helper:auto
[17:0x0:9501/(0,65535)->(5247,5247)] flags:0 helper:auto
[17:0x0:9502/(0,65535)->(5248,5248)] flags:0 helper:auto
[17:0x0:9503/(0,65535)->(5249,5249)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(3): 10.255.1.1-10.255.1.1, uuid_idx=0, 224.0.1.140-224.0.1.140, uuid_idx=0, 255.255.255.255-255.255.255.255, uuid_idx=0,
service(4):
[17:0x0:9500/(0,65535)->(5246,5246)] flags:0 helper:auto
[17:0x0:9501/(0,65535)->(5247,5247)] flags:0 helper:auto
[17:0x0:9502/(0,65535)->(5248,5248)] flags:0 helper:auto
[17:0x0:9503/(0,65535)->(5249,5249)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 18 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(25246,25246)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[17:0x0:0/(0,65535)->(25246,25246)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 18 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x0:0/(0,65535)->(8013,8013)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[6:0x0:0/(0,65535)->(8013,8013)] flags:0 helper:auto

policy index=4294967295 uuid_idx=4 action=drop
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000e av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Policy Group 0010000f

policy index=4294967295 uuid_idx=7 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000f av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 5 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 10.205.101.7-10.205.101.7, uuid_idx=0,
service(4):
[1:0x0:0/(0,65535)->(13,13)] flags:0 helper:auto
[1:0x0:0/(0,65535)->(8,8)] flags:0 helper:auto
[6:0x0:0/(0,65535)->(443,443)] flags:0 helper:auto
[6:0x0:0/(0,65535)->(23,23)] flags:0 helper:auto

policy index=4294967295 uuid_idx=7 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000f av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 18 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 192.168.1.99-192.168.1.99, uuid_idx=0,
service(4):
[1:0x0:0/(0,65535)->(13,13)] flags:0 helper:auto
[1:0x0:0/(0,65535)->(8,8)] flags:0 helper:auto
[6:0x0:0/(0,65535)->(443,443)] flags:0 helper:auto
[6:0x0:0/(0,65535)->(22,22)] flags:0 helper:auto

policy index=4294967295 uuid_idx=7 action=accept
flag (0):
schedule()
cos_fwd=0 cos_rev=0
group=0010000f av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 17 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 10.255.1.1-10.255.1.1, uuid_idx=0,
service(2):
[1:0x0:0/(0,65535)->(13,13)] flags:0 helper:auto
[1:0x0:0/(0,65535)->(8,8)] flags:0 helper:auto

policy index=4294967295 uuid_idx=11 action=drop
flag (800): d_rm
schedule()
cos_fwd=0 cos_rev=0
group=0010000f av=00000000 au=00000000 split=00000000
host=0 chk_client_info=0x0 app_list=0 ips_view=0
misc=0
zone(1): 0 -> zone(1): 0
source(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
dest(1): 0.0.0.0-255.255.255.255, uuid_idx=0,
service(1):
[0:0x0:0/(0,0)->(0,0)] flags:0 helper:auto

Debug still exists：

checked gnum-4e20 policy-6, ret-no-match, act-accept

justin_zhan · ‎09-22-2024