Hello Fortinet Community
So under the main network hood we have a FGT100F with a specific subnet policy towards the sd-wan interfaces with APP Control,WEB Filter and AV modules enabled.
More specifically on the APP Control module we have enabled between others HTTP/HTTPS.Browser as allowed
SSL also allowed
and Web Browsers category as allowed.
Certificate Inspection Enabled
The problem now is that SPECIFICALY the Vivaldi browser wont reach any wabpage from ANY PC on the targeted subnet.Furthermore in inserted both in the PC and the certificate store of the browser the FGT SSL Cert. Disabled all of the track privacy settings of the Vivaldi browser,no webpage reached still.
I also tried to disable all of the above mentioned modules in the policy,restarted the browser on a test PC with no avail.
Any ideas?
Thanks in advance!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @chrispng ,
First of all, can you apply the security profiles you have applied for wifi within this rule?
Alternatively, the problem may be caused by mss settings. Can you enter the following mtu settings only for the relevant rule?
config firewall policy
edit <policy id>
set tcp-mss-sender 1300
set tcp-mss-receiver 1300
Hello @chrispng ,
Can you share these command's output with us? After running these commands, can you try to access the internet from the client?
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug reset
diagnose debug flow filter saddr <SRC_IP>
diagnose debug flow show console enable
diagnose debug console timestamp enable
diagnose debug flow trace start 100
diagnose debug enable
The client's Vivaldi browser still wont access any webpage
----------------------------------------------------------------------------------------------------------------
HRS_Firewall # diagnose debug disable
HRS_Firewall # diagnose debug flow trace stop
HRS_Firewall # diagnose debug flow filter clear
HRS_Firewall # diagnose debug reset
HRS_Firewall # diagnose debug flow filter saddr 172.16.35.28
HRS_Firewall # diagnose debug flow show console enable
command parse error before 'console'
Command fail. Return code -61
HRS_Firewall # diagnose debug flow show console enable
command parse error before 'console'
Command fail. Return code -61
HRS_Firewall # diagnose debug console timestamp enable
HRS_Firewall # diagnose debug flow trace start 100
HRS_Firewall # diagnose debug enable
HRS_Firewall # 2024-05-13 15:18:27 id=65308 trace_id=153 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 172.1
6.35.28:0->172.16.20.25:771) tun_id=0.0.0.0 from HRS_Mobile_Usr. type=3, code=3, id=0, seq=0."
2024-05-13 15:18:37 id=65308 trace_id=154 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:52029-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=154 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ad6, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=154 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=154 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=154 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=154 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=154 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 76, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=155 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:49334-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=155 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ad7, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=155 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=155 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=155 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=155 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=155 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 80, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=156 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:50737-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=156 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ad8, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=156 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=156 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=156 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=156 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=156 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 73, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=157 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:64676-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=157 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ada, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=157 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=157 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=157 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=157 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=157 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 74, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=158 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59599-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=158 func=init_ip_session_common line=6009 msg="allocate a new session-057b4adc, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=158 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=158 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=158 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=158 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=158 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 78, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=159 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:60149-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=159 func=init_ip_session_common line=6009 msg="allocate a new session-057b4add, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=159 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=159 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=159 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=159 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=159 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 76, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=160 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=160 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ade, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=160 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=160 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=160 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=160 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:37 id=65308 trace_id=161 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=161 func=init_ip_session_common line=6009 msg="allocate a new session-057b4adf, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=161 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=161 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=161 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=161 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:37 id=65308 trace_id=162 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64984->
216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 2581414993, ack 0, win 64240"
2024-05-13 15:18:37 id=65308 trace_id=162 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ae0, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=162 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=162 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=162 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=162 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64984"
2024-05-13 15:18:37 id=65308 trace_id=162 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:37 id=65308 trace_id=162 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64984"
2024-05-13 15:18:37 id=65308 trace_id=162 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 55549, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=163 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:64352-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=163 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ae1, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=163 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=163 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=163 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=163 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=163 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 74, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=164 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:56177-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=164 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ae2, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=164 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=164 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=164 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=164 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=164 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 76, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=165 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64984->
216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 2581414994, ack 2016128385, win 1025"
2024-05-13 15:18:37 id=65308 trace_id=165 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4ae0, original dire
ction"
2024-05-13 15:18:37 id=65308 trace_id=165 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:37 id=65308 trace_id=165 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:37 id=65308 trace_id=165 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:37 id=65308 trace_id=165 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:37 id=65308 trace_id=165 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64984"
2024-05-13 15:18:37 id=65308 trace_id=165 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 55549, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:37 id=65308 trace_id=166 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64985->
151.101.2.137:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 803649812, ack 0, win 64240"
2024-05-13 15:18:37 id=65308 trace_id=166 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ae5, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=166 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 151.101.2.137
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=166 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=166 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=166 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64985"
2024-05-13 15:18:37 id=65308 trace_id=166 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:37 id=65308 trace_id=166 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64985"
2024-05-13 15:18:37 id=65308 trace_id=166 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 55805, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=167 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64986->
31.209.137.46:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 2572072153, ack 0, win 64240"
2024-05-13 15:18:37 id=65308 trace_id=167 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ae7, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=167 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 31.209.137.46
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=167 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=167 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=167 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64986"
2024-05-13 15:18:37 id=65308 trace_id=167 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:37 id=65308 trace_id=167 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64986"
2024-05-13 15:18:37 id=65308 trace_id=167 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56061, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=168 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 172.16.35.28:0->172.
16.20.25:771) tun_id=0.0.0.0 from HRS_Mobile_Usr. type=3, code=3, id=0, seq=0."
2024-05-13 15:18:37 id=65308 trace_id=169 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64985->
151.101.2.137:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 803649813, ack 3374171338, win 1026"
2024-05-13 15:18:37 id=65308 trace_id=169 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4ae5, original dire
ction"
2024-05-13 15:18:37 id=65308 trace_id=169 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:37 id=65308 trace_id=169 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:37 id=65308 trace_id=169 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:37 id=65308 trace_id=169 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:37 id=65308 trace_id=169 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64985"
2024-05-13 15:18:37 id=65308 trace_id=169 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 55805, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:37 id=65308 trace_id=170 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64986->
31.209.137.46:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 2572072154, ack 1646473054, win 1026"
2024-05-13 15:18:37 id=65308 trace_id=170 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4ae7, original dire
ction"
2024-05-13 15:18:37 id=65308 trace_id=170 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:37 id=65308 trace_id=170 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:37 id=65308 trace_id=170 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:37 id=65308 trace_id=170 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:37 id=65308 trace_id=170 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64986"
2024-05-13 15:18:37 id=65308 trace_id=170 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56061, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:37 id=65308 trace_id=171 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=171 func=init_ip_session_common line=6009 msg="allocate a new session-057b4af5, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=171 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=171 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=171 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=171 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:37 id=65308 trace_id=172 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:61254-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=172 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b09, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=172 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=172 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=172 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=172 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=172 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 70, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=173 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:64517-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=173 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b0a, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=173 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:37 id=65308 trace_id=173 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:37 id=65308 trace_id=173 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:37 id=65308 trace_id=173 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:37 id=65308 trace_id=173 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 81, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=174 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64987->
151.101.66.137:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 466893946, ack 0, win 64240"
2024-05-13 15:18:37 id=65308 trace_id=174 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b0b, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=174 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 151.101.66.137
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=174 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=174 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=174 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64987"
2024-05-13 15:18:37 id=65308 trace_id=174 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:37 id=65308 trace_id=174 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64987"
2024-05-13 15:18:37 id=65308 trace_id=174 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56317, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:37 id=65308 trace_id=175 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64987->
151.101.66.137:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 466893947, ack 994450317, win 1026"
2024-05-13 15:18:37 id=65308 trace_id=175 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4b0b, original dire
ction"
2024-05-13 15:18:37 id=65308 trace_id=175 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:37 id=65308 trace_id=175 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:37 id=65308 trace_id=175 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:37 id=65308 trace_id=175 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:37 id=65308 trace_id=175 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64987"
2024-05-13 15:18:37 id=65308 trace_id=175 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56317, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:38 id=65308 trace_id=176 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:38 id=65308 trace_id=176 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b1d, tun_id=0.0.0.0"
2024-05-13 15:18:38 id=65308 trace_id=176 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:38 id=65308 trace_id=176 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:38 id=65308 trace_id=176 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:38 id=65308 trace_id=176 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:38 id=65308 trace_id=177 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:51160-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:38 id=65308 trace_id=177 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b35, tun_id=0.0.0.0"
2024-05-13 15:18:38 id=65308 trace_id=177 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:38 id=65308 trace_id=177 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:38 id=65308 trace_id=177 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:38 id=65308 trace_id=177 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:38 id=65308 trace_id=177 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 74, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:38 id=65308 trace_id=178 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:63497-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:38 id=65308 trace_id=178 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b36, tun_id=0.0.0.0"
2024-05-13 15:18:38 id=65308 trace_id=178 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:38 id=65308 trace_id=178 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:38 id=65308 trace_id=178 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:38 id=65308 trace_id=178 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:38 id=65308 trace_id=178 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 73, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:39 id=65308 trace_id=179 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:39 id=65308 trace_id=179 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b5c, tun_id=0.0.0.0"
2024-05-13 15:18:39 id=65308 trace_id=179 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:39 id=65308 trace_id=179 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:39 id=65308 trace_id=179 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:39 id=65308 trace_id=179 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:39 id=65308 trace_id=180 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:57111-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:39 id=65308 trace_id=180 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b71, tun_id=0.0.0.0"
2024-05-13 15:18:39 id=65308 trace_id=180 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:39 id=65308 trace_id=180 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:39 id=65308 trace_id=180 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:39 id=65308 trace_id=180 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:39 id=65308 trace_id=180 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 78, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:39 id=65308 trace_id=181 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:52462-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:39 id=65308 trace_id=181 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b72, tun_id=0.0.0.0"
2024-05-13 15:18:39 id=65308 trace_id=181 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:39 id=65308 trace_id=181 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:39 id=65308 trace_id=181 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:39 id=65308 trace_id=181 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:39 id=65308 trace_id=181 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 80, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:39 id=65308 trace_id=182 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64988->
104.22.77.159:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 1445272348, ack 0, win 64240"
2024-05-13 15:18:39 id=65308 trace_id=182 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b76, tun_id=0.0.0.0"
2024-05-13 15:18:39 id=65308 trace_id=182 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 104.22.77.159
via ifindex-7"
2024-05-13 15:18:39 id=65308 trace_id=182 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:39 id=65308 trace_id=182 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:39 id=65308 trace_id=182 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64988"
2024-05-13 15:18:39 id=65308 trace_id=182 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:39 id=65308 trace_id=182 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64988"
2024-05-13 15:18:39 id=65308 trace_id=182 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56573, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:39 id=65308 trace_id=183 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64988->
104.22.77.159:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 1445272349, ack 1549133460, win 1028"
2024-05-13 15:18:39 id=65308 trace_id=183 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4b76, original dire
ction"
2024-05-13 15:18:39 id=65308 trace_id=183 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:39 id=65308 trace_id=183 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:39 id=65308 trace_id=183 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:39 id=65308 trace_id=183 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:39 id=65308 trace_id=183 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64988"
2024-05-13 15:18:39 id=65308 trace_id=183 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56573, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:41 id=65308 trace_id=184 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214-
>216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:41 id=65308 trace_id=184 func=init_ip_session_common line=6009 msg="allocate a new session-057b4bc1, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=184 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:41 id=65308 trace_id=184 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:41 id=65308 trace_id=184 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:41 id=65308 trace_id=184 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
2024-05-13 15:18:41 id=65308 trace_id=185 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64989->
216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 2610469277, ack 0, win 64240"
2024-05-13 15:18:41 id=65308 trace_id=185 func=init_ip_session_common line=6009 msg="allocate a new session-057b4bc4, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=185 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36
via ifindex-7"
2024-05-13 15:18:41 id=65308 trace_id=185 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:41 id=65308 trace_id=185 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:41 id=65308 trace_id=185 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64989"
2024-05-13 15:18:41 id=65308 trace_id=185 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:41 id=65308 trace_id=185 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64989"
2024-05-13 15:18:41 id=65308 trace_id=185 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56829, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:41 id=65308 trace_id=186 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64989->
216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 2610469278, ack 4022041048, win 1025"
2024-05-13 15:18:41 id=65308 trace_id=186 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4bc4, original dire
ction"
2024-05-13 15:18:41 id=65308 trace_id=186 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:41 id=65308 trace_id=186 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:41 id=65308 trace_id=186 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:41 id=65308 trace_id=186 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:41 id=65308 trace_id=186 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64989"
2024-05-13 15:18:41 id=65308 trace_id=186 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 56829, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:41 id=65308 trace_id=187 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:5353->
224.0.0.251:5353) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:41 id=65308 trace_id=187 func=init_ip_session_common line=6009 msg="allocate a new session-057b4be1, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=187 func=ip_session_handle_no_dst line=6095 msg="trace"
2024-05-13 15:18:41 id=65308 trace_id=188 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:61419-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:41 id=65308 trace_id=188 func=init_ip_session_common line=6009 msg="allocate a new session-057b4be2, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=188 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:41 id=65308 trace_id=188 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:41 id=65308 trace_id=188 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:41 id=65308 trace_id=188 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:41 id=65308 trace_id=188 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 77, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:41 id=65308 trace_id=189 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:65378-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:41 id=65308 trace_id=189 func=init_ip_session_common line=6009 msg="allocate a new session-057b4be3, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=189 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:41 id=65308 trace_id=189 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:41 id=65308 trace_id=189 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:41 id=65308 trace_id=189 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:41 id=65308 trace_id=189 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 70, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:41 id=65308 trace_id=190 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64990->
31.209.137.5:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 3443461620, ack 0, win 64240"
2024-05-13 15:18:41 id=65308 trace_id=190 func=init_ip_session_common line=6009 msg="allocate a new session-057b4be6, tun_id=0.0.0.0"
2024-05-13 15:18:41 id=65308 trace_id=190 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 31.209.137.5 v
ia ifindex-7"
2024-05-13 15:18:41 id=65308 trace_id=190 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:41 id=65308 trace_id=190 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:41 id=65308 trace_id=190 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64990"
2024-05-13 15:18:41 id=65308 trace_id=190 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:41 id=65308 trace_id=190 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64990"
2024-05-13 15:18:41 id=65308 trace_id=190 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 57085, vtag->mtu 1400, vtag->flags 12, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:41 id=65308 trace_id=191 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64990->
31.209.137.5:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [.], seq 3443461621, ack 3372884693, win 1024"
2024-05-13 15:18:41 id=65308 trace_id=191 func=resolve_ip_tuple_fast line=5912 msg="Find an existing session, id-057b4be6, original dire
ction"
2024-05-13 15:18:41 id=65308 trace_id=191 func=npu_handle_session44 line=1206 msg="Trying to offloading session from HRS_Mobile_Usr to w
an1, skb.npu_flag=00000400 ses.state=00012204 ses.npu_state=0x00003894"
2024-05-13 15:18:41 id=65308 trace_id=191 func=np6xlite_fos_set_nturbo_ips_fwd_session line=620 msg="push nturbo session oid 16"
2024-05-13 15:18:41 id=65308 trace_id=191 func=ip_session_install_npu_session line=358 msg="npu session installation succeeded"
2024-05-13 15:18:41 id=65308 trace_id=191 func=fw_forward_dirty_handler line=437 msg="state=00012204, state2=00000001, npu_state=00003c9
4"
2024-05-13 15:18:41 id=65308 trace_id=191 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64990"
2024-05-13 15:18:41 id=65308 trace_id=191 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 66, vta
g->vid 0
vtag->sip[0] 1246013e, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 57085, vtag->mtu 1400, vtag->flags 2, vtag->np6_flag 0x0, skb->npu_flag=0xc0c80"
2024-05-13 15:18:42 id=65308 trace_id=192 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:5353->
224.0.0.251:5353) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:42 id=65308 trace_id=192 func=init_ip_session_common line=6009 msg="allocate a new session-057b4c04, tun_id=0.0.0.0"
2024-05-13 15:18:42 id=65308 trace_id=192 func=ip_session_handle_no_dst line=6095 msg="trace"
2024-05-13 15:18:44 id=65308 trace_id=193 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:5353->
224.0.0.251:5353) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:44 id=65308 trace_id=193 func=init_ip_session_common line=6009 msg="allocate a new session-057b4c71, tun_id=0.0.0.0"
2024-05-13 15:18:44 id=65308 trace_id=193 func=ip_session_handle_no_dst line=6095 msg="trace"
2024-05-13 15:18:45 id=65308 trace_id=194 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:50479-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:45 id=65308 trace_id=194 func=init_ip_session_common line=6009 msg="allocate a new session-057b4c7b, tun_id=0.0.0.0"
2024-05-13 15:18:45 id=65308 trace_id=194 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:45 id=65308 trace_id=194 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:45 id=65308 trace_id=194 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:45 id=65308 trace_id=194 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:45 id=65308 trace_id=194 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 78, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:45 id=65308 trace_id=195 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:49290-
>172.16.20.25:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:45 id=65308 trace_id=195 func=init_ip_session_common line=6009 msg="allocate a new session-057b4c7c, tun_id=0.0.0.0"
2024-05-13 15:18:45 id=65308 trace_id=195 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.25 via I
nfrastructure"
2024-05-13 15:18:45 id=65308 trace_id=195 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:45 id=65308 trace_id=195 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:45 id=65308 trace_id=195 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:45 id=65308 trace_id=195 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 75, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:46 id=65308 trace_id=196 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:49594-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:46 id=65308 trace_id=196 func=init_ip_session_common line=6009 msg="allocate a new session-057b4cb5, tun_id=0.0.0.0"
2024-05-13 15:18:46 id=65308 trace_id=196 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:46 id=65308 trace_id=196 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:46 id=65308 trace_id=196 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:46 id=65308 trace_id=196 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:46 id=65308 trace_id=196 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 80, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:46 id=65308 trace_id=197 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:62700-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:46 id=65308 trace_id=197 func=init_ip_session_common line=6009 msg="allocate a new session-057b4cb6, tun_id=0.0.0.0"
2024-05-13 15:18:46 id=65308 trace_id=197 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:46 id=65308 trace_id=197 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:46 id=65308 trace_id=197 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:46 id=65308 trace_id=197 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:46 id=65308 trace_id=197 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 71, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:46 id=65308 trace_id=198 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:54909-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:46 id=65308 trace_id=198 func=init_ip_session_common line=6009 msg="allocate a new session-057b4cb9, tun_id=0.0.0.0"
2024-05-13 15:18:46 id=65308 trace_id=198 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:46 id=65308 trace_id=198 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:46 id=65308 trace_id=198 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:46 id=65308 trace_id=198 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:46 id=65308 trace_id=198 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 73, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:46 id=65308 trace_id=199 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59539-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:46 id=65308 trace_id=199 func=init_ip_session_common line=6009 msg="allocate a new session-057b4cba, tun_id=0.0.0.0"
2024-05-13 15:18:46 id=65308 trace_id=199 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:46 id=65308 trace_id=199 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:46 id=65308 trace_id=199 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:46 id=65308 trace_id=199 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:46 id=65308 trace_id=199 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 78, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
2024-05-13 15:18:46 id=65308 trace_id=200 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59778-
>172.16.20.26:53) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:46 id=65308 trace_id=200 func=init_ip_session_common line=6009 msg="allocate a new session-057b4cc3, tun_id=0.0.0.0"
2024-05-13 15:18:46 id=65308 trace_id=200 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-172.16.20.26 via I
nfrastructure"
2024-05-13 15:18:46 id=65308 trace_id=200 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=46, len=2"
2024-05-13 15:18:46 id=65308 trace_id=200 func=fw_forward_handler line=979 msg="Allowed by Policy-36:"
2024-05-13 15:18:46 id=65308 trace_id=200 func=__ip_session_run_tuple line=3460 msg="run helper-dns-udp(dir=original)"
2024-05-13 15:18:46 id=65308 trace_id=200 func=np6xlite_hif_nturbo_build_vtag line=1224 msg="vtag->magic d153beef, vtag->coretag 75, vta
g->vid 20
vtag->sip[0] 0, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 0, vtag->mtu 1532, vtag->flags 10, vtag->np6_flag 0x0, skb->npu_flag=0xc0880"
HRS_Firewall # diagnose debug flow show console
command parse error before 'console'
Command fail. Return code -61
HRS_Firewall # diagnose debug flow console enable
command parse error before 'console'
Command fail. Return code -61
Hello @chrispng ,
It looks weird. According to debug output, if your client wants to go to google.com denied by the firewall.
2024-05-13 15:18:37 id=65308 trace_id=160 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=17, 172.16.35.28:59214->216.58.212.36:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. "
2024-05-13 15:18:37 id=65308 trace_id=160 func=init_ip_session_common line=6009 msg="allocate a new session-057b4ade, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=160 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 216.58.212.36via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=160 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan1"
2024-05-13 15:18:37 id=65308 trace_id=160 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=160 func=fw_forward_handler line=827 msg="Denied by forward policy check (policy 0)"
But if your client wants to go somewhere instead of google.com, it can go. Also this traffic is processed by policy id 37.
2024-05-13 15:18:37 id=65308 trace_id=174 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=6, 172.16.35.28:64987->
151.101.66.137:443) tun_id=0.0.0.0 from HRS_Mobile_Usr. flag [S], seq 466893946, ack 0, win 64240"
2024-05-13 15:18:37 id=65308 trace_id=174 func=init_ip_session_common line=6009 msg="allocate a new session-057b4b0b, tun_id=0.0.0.0"
2024-05-13 15:18:37 id=65308 trace_id=174 func=rpdb_srv_match_input line=1046 msg="Match policy routing id=2130837507: to 151.101.66.137
via ifindex-7"
2024-05-13 15:18:37 id=65308 trace_id=174 func=vf_ip_route_input_common line=2611 msg="find a route: flag=04000000 gw-62.1.70.17 via wan
1"
2024-05-13 15:18:37 id=65308 trace_id=174 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=7, len=15"
2024-05-13 15:18:37 id=65308 trace_id=174 func=get_new_addr line=1205 msg="find SNAT: IP-62.1.70.18(from IPPOOL), port-64987"
2024-05-13 15:18:37 id=65308 trace_id=174 func=fw_forward_handler line=979 msg="Allowed by Policy-37: SNAT"
2024-05-13 15:18:37 id=65308 trace_id=174 func=__ip_session_run_tuple line=3406 msg="SNAT 172.16.35.28->62.1.70.18:64987"
Do you have any limitations on Policy 37? Also, do you use application control on policy 37? If you say yes, Is the Network protocols category configured as a block?
Yes i do,mostly enabled certain destinations.
Network protocols category is configured as Monitor
Hello @chrispng ,
When I reviewed the debug output, I saw your client access some websites. Because of that, it's interesting.
What kind of error page do you encounter in Vivaldi?
From the screenshot provided as you can see.The outcome is the same on ALL websites reagrdless http or https ones, regardless prior installing the FGT certificate on the browser or after
Weird thing is i tried browsers from Firefox to Chromium based raw, from opera gx to firefox nighly and ofcourse all the mainstream ones work fine.
Hello @chrispng ,
I saw the Google IP address in your debug output. This traffic is blocked by a firewall.
Are other websites also the same on the Vivaldi browser?
And also how is your policy 37 configuration? Do you use a dynamic object or static address object on policy 37? If you use a static object, can you check this IP address? Is it added to policy 37 or not?
216.58.212.36
Also, can you share the policy id 37 configuration?
Belows the policy
config firewall policy
edit 37
set name "Vlan35_to_Internet"
set uuid 0a5c2e58-0a0d-51eb-5ecb-caa90fe71921
set srcintf "HRS_Mobile_Usr"
set dstintf "virtual-wan-link"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "Email Access" "Web Access" "SSL_VPN" "Elta" "Office365_587" "ALL_ICMP" "HTTPS"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set webfilter-profile "monitor-all flow based"
set application-list "winupdts_bitdefender"
set logtraffic all
set nat enable
next
end
Hello @chrispng ,
Can you access google.com on other browsers?
I think your web filter or application control settings restrict this access.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.