=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.07.12 07:50:30 =~=~=~=~=~=~=~=~=~=~=~= Using username "scriptadmin". scriptadmin@192.168.8.1's password: router-fgt-60e # get system status Version: FortiGate-60E v6.2.4,build1112,200511 (GA) Virus-DB: 77.00728(2020-05-27 09:20) Extended DB: 77.00728(2020-05-27 09:20) IPS-DB: 15.00852(2020-05-27 00:07) IPS-ETDB: 0.00000(2001-01-01 00:00) APP-DB: 15.00850(2020-05-24 23:51) INDUSTRIAL-DB: 15.00852(2020-05-27 00:07) Serial-Number: FGT60E4Q16048128 IPS Malicious URL Database: 2.00656(2020-05-27 06:58) Botnet DB: 4.00640(2020-04-30 01:37) BIOS version: 05000009 System Part-Number: P18816-01 Log hard disk: Not available Hostname: router-fgt-60e Operation Mode: NAT Current virtual domain: root Max number of virtual domains: 10 Virtual domains status: 1 in NAT mode, 0 in TP mode Virtual domain configuration: disable FIPS-CC mode: disable Current HA mode: standalone Branch point: 1112 --More-- Release Version Information: GA System time: Sun Jul 12 07:50:42 2020 router-fgt-60e # router-fgt-60e # show system interface config system interface edit "wan1" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set estimated-upstream-bandwidth 200000 set estimated-downstream-bandwidth 200000 set role wan set snmp-index 1 set dns-server-override disable next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 2 next edit "dmz" set vdom "root" --More-- set ip 10.10.10.1 255.255.255.0 set allowaccess ping https http fgfm fabric set type physical set role dmz set snmp-index 3 next edit "internal1" set vdom "root" set allowaccess ping https ssh snmp fabric set type physical set alias "connected-to-external-switch" set device-identification enable set role lan set snmp-index 9 next edit "internal2" set vdom "root" set ip 192.168.98.1 255.255.255.0 set allowaccess ping https ssh snmp http set type physical set alias "Management98-reserve" set device-identification 
enable --More-- set role lan set snmp-index 10 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 6 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 7 next edit "internal" set vdom "root" set ip 192.168.1.99 255.255.255.0 set allowaccess ping set type hard-switch set stp enable set device-identification enable --More-- set role lan set snmp-index 8 next edit "management99" set vdom "root" set ip 192.168.99.1 255.255.255.0 set allowaccess ping https ssh snmp fabric set device-identification enable set role lan set snmp-index 16 --More-- set interface "internal1" router-fgt-60e # get system interface == [ wan1 ] name: wan1 mode: dhcp ip: 213.233.204.200 255.255.255.128 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ wan2 ] name: wan2 mode: dhcp ip: 0.0.0.0 0.0.0.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ dmz ] name: dmz mode: static ip: 10.10.10.1 255.255.255.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ internal1 ] name: internal1 mode: static ip: 0.0.0.0 0.0.0.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable 
proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable --More-- == [ internal2 ] name: internal2 mode: static ip: 192.168.98.1 255.255.255.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ modem ] name: modem mode: pppoe ip: 0.0.0.0 0.0.0.0 netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable src-check: enable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ ssl.root ] name: ssl.root ip: 0.0.0.0 0.0.0.0 status: up netbios-forward: disable type: tunnel netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable wccp: disable == [ internal ] name: internal mode: static ip: 192.168.1.99 255.255.255.0 status: up netbios-forward: disable type: hard-switch netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable == [ management99 ] name: management99 mode: static ip: 192.168.99.1 255.255.255.0 status: up netbios-forward: disable type: vlan netflow-sampler: disable sflow-sampler: disable src-check: enable explicit-web-proxy: disable explicit-ftp-proxy: disable proxy-captive-portal: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable --More-- router-fgt-60e # router-fgt-60e # get router info routing-table all Routing table for VRF=0 Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter 
area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default S* 0.0.0.0/0 [1/0] via 213.233.204.129, wan1 C 192.168.1.0/24 is directly connected, internal C 192.168.98.0/24 is directly connected, internal2 C 192.168.99.0/24 is directly connected, management99 --More-- C 213.233.204.128/25 is directly connected, wan1 router-fgt-60e # router-fgt-60e # diagnose sys virtual-wan-link health-check Health Check(Google_DNS): Seq(1): state(alive), packet-loss(0.000%) latency(3.540), jitter(0.017) sla_map=0x0 Seq(2): state(dead), packet-loss(100.000%) sla_map=0x0 router-fgt-60e # diagnose sys virtual-wan-link member Member(1): interface: wan1, gateway: 213.233.204.129, priority: 0, weight: 0 Member(2): interface: wan2, priority: 0, weight: 0 router-fgt-60e # diagnose netlink dstmac list dev=lo mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=dummy0 mac=32:8a:ee:f8:da:01 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=nturbo_rx mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=nturbo_tx mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=wan1 mac=90:6c:ac:a7:c7:ca rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=wan2 mac=90:6c:ac:a7:c7:cb rx_tcp_mss=0 
tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=dmz mac=90:6c:ac:a7:c7:cc attach-host rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal1 mac=90:6c:ac:a7:c7:cd src-vis-os src-vis-host src-vis-user attach-host rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal2 mac=90:6c:ac:a7:c7:ce src-vis-os src-vis-host src-vis-user rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal3 mac=90:6c:ac:a7:c7:cf rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal4 mac=90:6c:ac:a7:c7:d0 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal5 mac=90:6c:ac:a7:c7:d1 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal6 mac=90:6c:ac:a7:c7:d2 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal7 mac=90:6c:ac:a7:c7:d3 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=npu0_vlink0 mac=02:6c:ac:a7:c7:de rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 
egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=npu0_vlink1 mac=02:6c:ac:a7:c7:df rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=modem mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=root mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=ssl.root mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=management99 mac=90:6c:ac:a7:c7:cd src-vis-os src-vis-host src-vis-user attach-host rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internal mac=90:6c:ac:a7:c7:cf src-vis-os src-vis-host src-vis-user rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=VPN-Pijler mac=00:00:00:00:00:00 attach-host rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=internet-only mac=90:6c:ac:a7:c7:cf src-vis-os src-vis-host src-vis-user rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=vsys_ha mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 
ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=port_ha mac=90:6c:ac:a7:c7:cc rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=vsys_fgfm mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 dev=tun_fgfm mac=00:00:00:00:00:00 rx_tcp_mss=0 tx_tcp_mss=0 egress_overspill_threshold=0 egress_bytes=0 egress_over_bps=0 ingress_overspill_threshold=0 ingress_bytes=0 ingress_over_bps=0 sampler_rate=0 router-fgt-60e # diagnose sys virtual-wan-link service Service(1): Address Mode(IPV4) flags=0x0 TOS(0x0/0x0), Protocol(0: 1->65535), Mode(priority), link-cost-factor(latency), link-cost-threshold(10), health-check(Google_DNS) Service role: standalone Member sub interface: Members: 1: Seq_num(1), alive, latency: 3.540, selected 2: Seq_num(2), dead Src address: 0.0.0.0-255.255.255.255 Dst address: 0.0.0.0-255.255.255.255 router-fgt-60e # diagnose sys virtual-wan-link service Service(1): Address Mode(IPV4) flags=0x0 TOS(0x0/0x0), Protocol(0: 1->65535), Mode(priority), link-cost-factor(latency), link-cost-threshold(10), health-check(Google_DNS) Service role: standalone Member sub interface: Members: 1: Seq_num(1), alive, latency: 3.538, selected 2: Seq_num(2), dead Src address: 0.0.0.0-255.255.255.255 Dst address: 0.0.0.0-255.255.255.255 router-fgt-60e # diagnose firewall proute list list route policy info(vf=root): id=0x7f390001 vwl_service=1(Primary-Internet) vwl_mbr_seq=1 dscp_tag=0xff 0xff flags=0x0 tos=0x00 tos_mask=0x00 protocol=0 sport=0:65535 iif=0 dport=1-65535 oif=5 source(1): 0.0.0.0-255.255.255.255 destination(1): 0.0.0.0-255.255.255.255 hit_count=237 last_used=2020-07-12 07:50:53 router-fgt-60e # router-fgt-60e # diag test application dnsproxy 1 worker idx: 0 router-fgt-60e # 
execute ping-options repeat-count 2 router-fgt-60e # execute ping opendns.com execute ping nu.nl Unable to resolve hostname. ====> it takes 2 seconds before "Unable to resolve hostname." is displayed router-fgt-60e # execute ping nu.nl Unable to resolve hostname. ====> it takes 2 seconds before "Unable to resolve hostname." is displayed router-fgt-60e # diag test application dnsproxy 2 worker idx: 0 worker: count=1 idx=0 retry_interval=500 query_timeout=1495 DNS latency info: vfid=0 server=208.67.220.220 latency=-1 updated=3 vfid=0 server=208.67.222.222 latency=-1 updated=11 SDNS latency info: vfid=0 server=208.91.112.220 latency=-1 updated=14483 DNS_CACHE: alloc=0, hit=35897 RATING_CACHE: alloc=0, hit=0 DNS query: alloc=26 DNS UDP: req=190020 res=144466 fwd=125599 cmp=0 retrans=11250 to=5581 cur=755 switched=28424493 num_switched=776 v6_cur=0 v6_switched=0 num_v6_switched=0 ftg_res=0 ftg_fwd=0 ftg_retrans=0 DNS TCP: req=2177, res=2137, fwd=1991, retrans=18 to=9 DNS TCP connections: FQDN: alloc=16 nl_write_cnt=10055 nl_send_cnt=12644 nl_cur_cnt=0 Botnet: searched=0 hit=0 router-fgt-60e # diag test application dnsproxy 3 worker idx: 0 vdom: root, index=0, is master, vdom dns is enabled, mip-169.254.0.1 dns_log=1 tls=0 cert=Fortinet_Factory dns64 is disabled dns-server:208.91.112.220:53 tz=120 tls=0 req=0 to=0 res=0 rt=1491 rating=1 ready=0 timer=175 probe=8 failure=0 last_failed=0 dns-server:208.67.222.222:53 tz=0 tls=0 req=1387 to=919 res=0 rt=1494 rating=0 ready=1 timer=0 probe=0 failure=7 last_failed=59 dns-server:208.67.220.220:53 tz=0 tls=0 req=1036 to=696 res=0 rt=1494 rating=0 ready=1 timer=0 probe=0 failure=13 last_failed=15 Interface selecting method: auto Specified interface: FortiGuard interface selecting method: auto FortiGuard specified interface: vfid=0, interface=management99, ifindex=23, recursive, vfid=0, interface=internal2, ifindex=9, recursive, vfid=0, interface=VPN-Pijler, ifindex=30, recursive, DNS search domain: pijler.intern, DNS_CACHE: hash-size=2048, ttl=1800, 
min-ttl=60, max-num=5000 DNS FD: udp_s=16 udp_c=21:22 ha_c=26 unix_s=27, unix_nb_s=28, unix_nc_s=29 v6_udp_s=15, v6_udp_c=24:25, snmp=30, redir=17, v6_redir=18 DNS FD: tcp_s=33, tcp_s6=31, redir=35 v6_redir=36 FQDN: hash_size=1024, current_query=1024 DNS_DB: response_buf_sz=131072 LICENSE: expiry=2020-05-28, expired=1, type=2 FDG_SERVER:208.91.112.220:53 FGD_CATEGORY_VERSION:8 SERVER_LDB: gid=a05b, tz=120, error_allow=0 FGD_REDIR_V4:208.91.112.55 FGD_REDIR_V6: router-fgt-60e # diag test application dnsproxy 4 worker idx: 0 router-fgt-60e # diag test application dnsproxy 5 worker idx: 0 router-fgt-60e # diag test application dnsproxy 6 worker idx: 0 vfid=0 name=login.windows.net ver=IPv4 timer running, min_ttl=50:14, cache_ttl=0 , slot=0, num=0, wildcard=0 vfid=0 name=login.microsoft.com ver=IPv4 timer running, min_ttl=87:14, cache_ttl=0 , slot=1, num=0, wildcard=0 vfid=0 name=*.dropbox.com ver=IPv4 min_ttl=9:0, cache_ttl=0 , slot=-1, num=0, wildcard=1 vfid=0 name=whg.pijler.intern ver=IPv4 timer running, min_ttl=3600:3594, cache_ttl=0 , slot=-1, num=1, wildcard=0 192.168.99.13 (ttl=3600:3600:3600) vfid=0 name=login.microsoftonline.com ver=IPv4 timer running, min_ttl=235:14, cache_ttl=0 , slot=10, num=0, wildcard=0 vfid=0 name=gmail.com ver=IPv4 timer running, min_ttl=300:14, cache_ttl=0 , slot=11, num=0, wildcard=0 vfid=0 name=*.google.com ver=IPv4 min_ttl=188:0, cache_ttl=0 , slot=-1, num=0, wildcard=1 FQDN num=16 router-fgt-60e # diag test application dnsproxy 7 worker idx: 0 CACHE num=0 router-fgt-60e # diag test application dnsproxy 8 worker idx: 0 vfid=0 name=pijler-intern domain=pijler.intern ttl=3600 authoritative=1 view=shadow type=master serial=1309247033 refresh=0 PTR: 4.99.168.192.in-addr.arpa-->switch4.pijler.intern(3600) A: AP84.pijler.intern-->192.168.99.84(3600) A: AP63.pijler.intern-->192.168.99.63(3600) A: switch2.pijler.intern-->192.168.99.2(3600) SOA: pijler.intern (primary: router.pijler.intern, contact: hostmaster@pijler.intern, serial: 
1309247033)(3600) NS: pijler.intern-->router.pijler.intern(3600) vfid=0 name=pijler-local domain=pijler.local ttl=86400 authoritative=1 view=shadow type=master serial=1360877877 refresh=0 SOA: pijler.local (primary: dns-pijler-local.pijler.local, contact: hostmaster@pijler.local, serial: 1360877877)(86400) A: pijl2.pijler.local-->192.168.170.8(86400) PTR: 8.170.168.192.in-addr.arpa-->pijl2.pijler.local(86400) router-fgt-60e # diag test application dnsproxy 9 worker idx: 0 router-fgt-60e # diag test application dnsproxy 99 worker idx: 0 router-fgt-60e # execute ping opendns.com Unable to resolve hostname. router-fgt-60e # execute ping nu.nl Unable to resolve hostname. router-fgt-60e # router-fgt-60e # router-fgt-60e # execute ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=3.6 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=3.5 ms --- 8.8.8.8 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 3.5/3.5/3.6 ms router-fgt-60e # execute ping 213.233.204.200 PING 213.233.204.200 (213.233.204.200): 56 data bytes 64 bytes from 213.233.204.200: icmp_seq=0 ttl=255 time=0.1 ms 64 bytes from 213.233.204.200: icmp_seq=1 ttl=255 time=0.1 ms --- 213.233.204.200 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.1/0.1/0.1 ms router-fgt-60e # execute reboot This operation will reboot the system ! Do you want to continue? (y/n) ====> it takes 2 seconds before "Unable to resolve hostname." is displayed; the ping to 8.8.8.8 by address succeeds, so the failure is in name resolution, not in routing