As in FortiOS, FortiProxy redirects traffic to the WAD process. Unlike FortiOS, however, FortiProxy has no 'iprope' option and no flow trace.
Instead, FortiProxy uses the iptables function. These tables contain sets of rules, called chains, that filter incoming and outgoing data packets.
To see the iptables rules on FortiProxy, execute the following command in the CLI:
FortiProxy-VM02 # diagnose iptables list
For example:
FortiProxy-VM02 # diagnose iptables list
Chain INPUT (policy DROP 446 packets, 35405 bytes)
 pkts bytes target prot opt in       out source   destination
  121 17154 ACCEPT all  --  any      any anywhere anywhere      mark match 0x1/0x1
12044 9777K ACCEPT all  --  any      any anywhere anywhere      ctstate RELATED,ESTABLISHED
  465 29359 ACCEPT all  --  lo       any anywhere anywhere
    0     0 ACCEPT all  --  tun-mgmt any anywhere anywhere
    0     0 ACCEPT tcp  --  any      any anywhere anywhere      multiport dports 541,7810,7802
    0     0 ACCEPT tcp  --  any      any anywhere 127.0.0.1     tcp dpt:8000
    0     0 ACCEPT tcp  --  any      any anywhere anywhere      tcp dpt:8013
    1    52 ACCEPT tcp  --  port1    any anywhere 192.168.170.9 multiport dports 80,443,22
    0     0 ACCEPT icmp --  port1    any anywhere 192.168.170.9 icmp echo-request
    0     0 ACCEPT udp  --  port2    any anywhere anywhere      multiport dports 2048
    0     0 ACCEPT 47   --  port2    any anywhere anywhere
    0     0 ACCEPT icmp --  port2    any anywhere 192.168.90.4  icmp echo-request
    0     0 ACCEPT icmp --  port3    any anywhere 192.168.30.12 icmp echo-request
    0     0 ACCEPT tcp  --  port4    any anywhere 192.168.13.99 multiport dports 80,443,22
    0     0 ACCEPT icmp --  port4    any anywhere 192.168.13.99 icmp echo-request
...
    0     0 ACCEPT tcp  --  ssl.root any anywhere 192.168.170.9 multiport dports 80,443,22
    0     0 ACCEPT icmp --  ssl.root any anywhere 192.168.170.9 icmp echo-request
    0     0 ACCEPT icmp --  ssl.root any anywhere 192.168.90.4  icmp echo-request
    0     0 ACCEPT icmp --  ssl.root any anywhere 192.168.30.12 icmp echo-request
    0     0 ACCEPT tcp  --  ssl.root any anywhere 192.168.13.99 multiport dports 80,443,22
    0     0 ACCEPT icmp --  ssl.root any anywhere 192.168.13.99 icmp echo-request
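The following is an added example, not Fortinet code: a small Python parser for a saved copy of the listing above that reports each chain's default policy and the ACCEPT rules that open destination ports on any ingress interface. The function names and the sample text are constructed for illustration, and the K/M/G counter suffixes are assumed to be decimal multiples.

```python
import re

# Constructed sample in the layout of the `diagnose iptables list` output.
SAMPLE = """\
Chain INPUT (policy DROP 446 packets, 35405 bytes)
pkts bytes target prot opt in out source destination
12044 9777K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
1 52 ACCEPT tcp -- port1 any anywhere 192.168.170.9 multiport dports 80,443,22
0 0 ACCEPT icmp -- port1 any anywhere 192.168.170.9 icmp echo-request
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8013
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)")
PORTS_RE = re.compile(r"(?:dports |dpt:)(\S+)")
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # assumed decimal multiples

def to_int(counter):
    # Large counters are abbreviated with a suffix, e.g. 9777K.
    scale = UNITS.get(counter[-1])
    return int(counter[:-1]) * scale if scale else int(counter)

def parse_listing(text):
    """Return ({chain: policy}, [rule dicts]) from an iptables-style listing."""
    policies, rules, chain = {}, [], None
    for line in text.splitlines():
        fields = line.split()
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            policies[chain] = m.group(2)
        elif len(fields) >= 9 and fields[0][0].isdigit():
            # Anything after the destination column is match options.
            ports = PORTS_RE.search(" ".join(fields[9:]))
            rules.append({
                "chain": chain, "pkts": to_int(fields[0]),
                "bytes": to_int(fields[1]), "target": fields[2],
                "prot": fields[3], "in": fields[5], "dst": fields[8],
                "ports": ports.group(1).split(",") if ports else [],
            })
    return policies, rules

def exposed_services(rules):
    """ACCEPT rules with destination ports that match on any ingress interface."""
    return [r for r in rules
            if r["target"] == "ACCEPT" and r["in"] == "any" and r["ports"]]

if __name__ == "__main__":
    policies, rules = parse_listing(SAMPLE)
    for r in exposed_services(rules):
        print(policies[r["chain"]], r["prot"], r["dst"], r["ports"], r["pkts"])
```

Rules with a zero packet counter have not matched any traffic since the counters were last reset, which helps separate services that are reachable from services that are actually being used.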
The following options are also available for iptables on FortiProxy:
FortiProxy-VM02 # diagnose iptables
list              list iptables
list6             list ip6tables
dry-run           dump iptables rule
refresh           refresh iptables
shaper            refresh shaper profile
shaper-stats      print shaper stats
shaper-stats-gui  print GUI shaper stats