As WAD process maintains its own cache for users on FortiProxy, we could see the list (or users) by CLI.
First we need to identify and access to WAD Informer process contest:
FPX # diagnose debug reset
FPX # diagnose debug enable
FPX # diagnose test application wad 1000 <----- This will show all wad processes information (type, index, PID of each of them, and the current state).
FPX-VM02 # diagnose test application wad 1000 Process [0]: WAD manager type=manager(0) pid=1534 diagnosis=yes. Process [1]: type=dispatcher(1) index=0 pid=1583 state=running diagnosis=no debug=enable valgrind=unsupported/disabled Process [2]: type=worker(2) index=0 pid=1584 state=running diagnosis=no debug=enable valgrind=supported/disabled Process [3]: type=worker(2) index=1 pid=1585 state=running diagnosis=no debug=enable valgrind=supported/disabled Process [4]: type=algo(3) index=0 pid=1582 state=running diagnosis=no debug=enable valgrind=unsupported/disabled Process [5]: type=informer(4) index=0 pid=1576 state=running diagnosis=no debug=enable valgrind=unsupported/disabled Process [6]: type=user-info(5) index=0 pid=1580 state=running diagnosis=no debug=enable valgrind=supported/disabled
To access to Informer process context we need to execute the following CLI commands:
diagnose test application wad 2400
Once on Informer context, we could get additional information for that daemon by running the wad options:
diagnose test application wad <---- Here select enter to see the associated options to informer daemon
FortiProxy-VM02 # diagnose test application wad 2400 Set diagnosis process: type=informer index=0 pid=1565
FortiProxy-VM02 # diagnose test application wad
WAD process 1565 test usage: 1: display process status 2: display total memory usage. 99: restart all WAD processes 1000: List all WAD processes. 1002: display status of WANOpt storages
...
68: Enable process debug 69: Disable process debug 90: Toggle to write debug sink. 91: Crash test 98: gracefully stopping WAD process 110: display current saved users < --- 111: flush current saved users <--- 112: display process informer statistics 113: display WAD fsso statistics 115: display WAD user report statistics < --- 116: Toggle create device on query flag 118: dump all device data 138: re-generate SSL key 120001..120999: set the timeout value of dev. query in seconds, valid values [001-999] sec.
Now there is the option to see the users maintained on cache by:
FortiProxy-VM02 # diagnose test application wad 110 <----- to see the information about users.
FortiProxy-VM02 # diagnose test application wad 111 <----- to clear information about cache users.
For example, before any user authentication:
FortiProxy-VM02 # diagnose test application wad 110
users: <--- Summary: concur: user=0 action=0 timeout=600 need-query=0 firewall=0(0), fsae=0, no-worker=0 user_node=0 fsae_pr_count=0
After a user is authenticated:
FortiProxy-VM02 # diagnose test application wad 110
users: [1] student1@192.168.13.100:0 upn_domain= from:worker worker:1 vf:0 ref:1 stale=0 ntlm:0, has_fsae:0, active_auth:1, guest:0 user_node:(0x7f7469ced208) user:1[max=65536](0x7f7469cdd048) ip:1(0x7f7469cd5048) scheme:0 outofsync:0(0) id:1
Summary: concur: user=0 action=0 timeout=600 need-query=0 firewall=0(0), fsae=0, no-worker=0 user_node=1 fsae_pr_count=0
|