Technical Tip: How to review the users that are maintained in cache

As WAD process maintains its own cache for users on FortiProxy, we could see the list (or users) by CLI.

First we need to identify and access to WAD Informer process contest:

FPX # diagnose debug reset

FPX # diagnose debug enable

FPX # diagnose test application wad 1000 <----- This will show all wad processes information (type, index, PID of each of them, and the current state).

FPX-VM02 # diagnose test application wad 1000
Process [0]:  WAD manager type=manager(0) pid=1534 diagnosis=yes.
Process [1]: type=dispatcher(1) index=0 pid=1583 state=running
                   diagnosis=no debug=enable valgrind=unsupported/disabled
Process [2]: type=worker(2) index=0 pid=1584 state=running
                   diagnosis=no debug=enable valgrind=supported/disabled
Process [3]: type=worker(2) index=1 pid=1585 state=running
                   diagnosis=no debug=enable valgrind=supported/disabled
Process [4]: type=algo(3) index=0 pid=1582 state=running
                   diagnosis=no debug=enable valgrind=unsupported/disabled
Process [5]: type=informer(4) index=0 pid=1576 state=running
                   diagnosis=no debug=enable valgrind=unsupported/disabled
Process [6]: type=user-info(5) index=0 pid=1580 state=running
                   diagnosis=no debug=enable valgrind=supported/disabled

To access to Informer process context we need to execute the following CLI commands:

diagnose test application wad 2400

Once on Informer context, we could get additional information for that daemon by running the wad options:

diagnose test application wad <---- Here select enter to see the associated options to informer daemon

FortiProxy-VM02 # diagnose test application wad 2400
Set diagnosis process: type=informer index=0 pid=1565

FortiProxy-VM02 # diagnose test application wad

WAD process 1565 test usage:
    1: display process status
    2: display total memory usage.
    99: restart all WAD processes
    1000: List all WAD processes.
    1002: display status of WANOpt storages

 ...

    68: Enable process debug
    69: Disable process debug
    90: Toggle to write debug sink.
    91: Crash test
    98: gracefully stopping WAD process
    110: display current saved users  < ---
    111: flush current saved users  <---
    112: display process informer statistics
    113: display WAD fsso statistics
    115: display WAD user report statistics  < ---
    116: Toggle create device on query flag
    118: dump all device data
    138: re-generate SSL key
    120001..120999: set the timeout value of dev. query in seconds, valid values [001-999] sec.

Now there is the option to see the users maintained on cache by:

FortiProxy-VM02 # diagnose test application wad 110  <----- to see the information about users.

FortiProxy-VM02 # diagnose test application wad 111  <----- to clear information about cache users.

For example, before any user authentication:

FortiProxy-VM02 # diagnose test application wad 110

users:  <---
Summary:
        concur: user=0 action=0
        timeout=600 need-query=0 firewall=0(0), fsae=0, no-worker=0
        user_node=0 fsae_pr_count=0

After a user is authenticated:

FortiProxy-VM02 # diagnose test application wad 110

users:    [1] student1@192.168.13.100:0 upn_domain= from:worker worker:1 vf:0 ref:1 stale=0 ntlm:0, has_fsae:0, active_auth:1, guest:0
user_node:(0x7f7469ced208) user:1[max=65536](0x7f7469cdd048) ip:1(0x7f7469cd5048) scheme:0 outofsync:0(0) id:1

Summary:
      concur: user=0 action=0
      timeout=600 need-query=0 firewall=0(0), fsae=0, no-worker=0
      user_node=1 fsae_pr_count=0