FortiGate notes
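conf_file_ver=2873081117195307246: every backup generates a serial number like this; it does not affect use.
This local certificate changes every time. That is normal, right? Why is the certificate different each time? Is it derived from some parameter of the device, or is it random? Why are other certificates not like this?
This is normal. The program code handles it this way on purpose, and only the private key part of the certificate is processed.
diagnose debug enable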
diagnose debug console timestamp enable
diagnose debug flow filter
diagnose debug flow show console enable
diagnose debug flow trace start xxxx    (xxxx = how many matching packets to output)
diagnose debug flow show function-name enable
Five-tuple: source address, destination address, source port, destination port, interface.
$ 2012-05-25 13:50:50 id=20085 trace_id=90 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:50 id=20085 trace_id=90 msg="allocate a new session-19efae23"
2012-05-25 13:50:50 id=20085 trace_id=90 msg="find a route: gw-195.0.4.3 via BMWZ"
2012-05-25 13:50:50 id=20085 trace_id=90 msg="Allowed by Policy-20:"
2012-05-25 13:50:51 id=20085 trace_id=91 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:51 id=20085 trace_id=91 msg="Find an existing session, id-19efae23, original direction"
2012-05-25 13:50:52 id=20085 trace_id=92 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:52 id=20085 trace_id=92 msg="Find an existing session, id-19efae23, original direction"
2012-05-25 13:50:53 id=20085 trace_id=93 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:53 id=20085 trace_id=93 msg="Find an existing session, id-19efae23, original direction"
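Session synchronization is automatic (when session synchronization is ticked in the configuration). After the backup firewall restarts, it synchronizes sessions: the TCP sessions that currently exist on the primary firewall and those created afterwards. TCP sessions are synchronized; UDP, ICMP, multicast and broadcast are not.
diag debug app hatalk -1
diag sys ha dump 1
The output of the diag debug enable command can be displayed in the telnet management session.
$ 2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."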
2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple line=2799 msg="allocate a new session-19efb092"
2012-05-25 13:54:33 id=20085 trace_id=94 func=vf_ip4_route_input line=1543 msg="find a route: gw-195.0.2.10 via CWJZ"
2012-05-25 13:54:33 id=20085 trace_id=94 func=fw_forward_handler line=317 msg="Allowed by Policy-5:"
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
2012-05-25 13:54:35 id=20085 trace_id=96 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:35 id=20085 trace_id=96 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
2012-05-25 13:54:36 id=20085 trace_id=97 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:36 id=20085 trace_id=97 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
FG200A2104450177 (global) # get sys ha status
Model: 200
Mode: a-p
Group: 35
Debug: 0
ses_pickup: disable
Master:200 FG200A2104450177 FG200A2104450177 1
Slave :100 FG200A2104450399 FG200A2104450399 0
number of vcluster: 2
vcluster 1: work 169.254.0.2
Master:0 FG200A2104450177
Slave :1 FG200A2104450399
vcluster 2: standby 169.254.0.1
Slave :1 FG200A2104450177
Master:0 FG200A2104450399
FGT8002604400020 # id=36870 trace_id=71 func=resolve_ip_tuple_fast line=3427 msg="vd-root received a packet(proto=17, 2.168.118.34:138->192.168.118.255:138) from internal."
    (the VDOM being viewed is vd-root)
id=36870 trace_id=71 func=resolve_ip_tuple line=3559 msg="allocate a new session-0000a07c"
    (a session is created)
id=36870 trace_id=71 func=vf_ip4_route_input line=1585 msg="find a route: gw-192.168.118.255 via root"
    (destination route check)
id=36870 trace_id=71 func=fw_local_in_handler line=237 msg="iprope_in_check() check failed, drop"
    (firewall policy; the packet is dropped here, which means it was denied)
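The traces on this page can be read one packet at a time. The following is an added example, not part of the original post: it groups debug flow lines by id and trace_id and reports whether each packet was allowed by a policy, matched an existing session, or was dropped, and by which function. The name summarize and the verdict labels are assumptions made for illustration; the sample lines are copied from the traces on this page.

```python
import re

# Added example; summarize() and the verdict labels are illustrative names.
# Sample input: trace lines copied from this page (three devices, so key on id + trace_id).
SAMPLE = '''\
2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple line=2799 msg="allocate a new session-19efb092"
2012-05-25 13:54:33 id=20085 trace_id=94 func=vf_ip4_route_input line=1543 msg="find a route: gw-195.0.2.10 via CWJZ"
2012-05-25 13:54:33 id=20085 trace_id=94 func=fw_forward_handler line=317 msg="Allowed by Policy-5:"
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
id=36870 trace_id=71 func=resolve_ip_tuple_fast line=3427 msg="vd-root received a packet(proto=17, 2.168.118.34:138->192.168.118.255:138) from internal."
id=36870 trace_id=71 func=fw_local_in_handler line=237 msg="iprope_in_check() check failed, drop"
id=36871 trace_id=1 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal."
id=36871 trace_id=1 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907a"
id=36871 trace_id=1 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"
'''
FIELD = re.compile(r'\b(id|trace_id|func)=(\S+)')
MSG = re.compile(r'msg="(.*)"')
PACKET = re.compile(r'(\S+) received a packet\(proto=(\d+), (\S+)->(\S+)\) from (\S+)\.')

def summarize(trace):
    """Return one record per traced packet, in order of first appearance."""
    packets = {}
    for line in trace.splitlines():
        head = line.partition('msg=')[0]  # key=value fields sit before msg=
        fields, m = dict(FIELD.findall(head)), MSG.search(line)
        if 'trace_id' not in fields or not m:
            continue  # prompt lines, CLI echo, blank lines
        msg = m.group(1)
        rec = packets.setdefault((fields.get('id'), fields['trace_id']),
                                 {'trace_id': int(fields['trace_id']), 'verdict': 'unknown'})
        pkt = PACKET.match(msg)
        if pkt:  # first line of every trace: VDOM, protocol, endpoints, ingress
            rec.update(zip(('vdom', 'proto', 'src', 'dst', 'in_if'), pkt.groups()))
        elif msg.startswith('allocate a new session-'):
            rec['session'] = msg.rsplit('-', 1)[1]
        elif msg.startswith('Find an existing session, id-'):
            rec['session'] = msg.split('id-', 1)[1].split(',')[0]
            rec['verdict'] = 'existing-session'
        elif msg.startswith('Allowed by Policy-'):
            rec['verdict'] = 'allowed'
            rec['policy'] = int(msg[len('Allowed by Policy-'):].rstrip(':'))
        elif msg.endswith(', drop'):  # func= names the check that dropped it
            rec.update(verdict='dropped', reason=msg[:-len(', drop')], func=fields.get('func'))
    return list(packets.values())

if __name__ == '__main__':
    for r in summarize(SAMPLE):
        print(r)
```

A record whose verdict stays unknown means the trace ended before a policy or drop message was printed, which usually calls for a larger packet count on trace start.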
FGT50B3G07516763 # diagnose debug flow show console enable
show trace messages on console
FGT50B3G07516763 # diagnose debug flow show function-name enable
show function name
FGT50B3G07516763 # diagnose debug flow filter addr 192.168.3.189
FGT50B3G07516763 #
FGT50B3G07516763 #
FGT50B3G07516763 # diagnose debug flow trace start 20
FGT50B3G07516763 # diagnose debug enable
FGT50B3G07516763 # id=36871 trace_id=1 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal."
id=36871 trace_id=1 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907a"
id=36871 trace_id=1 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"
    (source route check failed)
id=36871 trace_id=2 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal."
id=36871 trace_id=2 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907b"
id=36871 trace_id=2 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"
id=36871 trace_id=3 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal."
id=36871 trace_id=3 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907c"
id=36871 trace_id=3 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"
id=36871 trace_id=4 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal."
id=36871 trace_id=4 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907d"
id=36871 trace_id=4 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"
Reposted from: https://blog.51cto.com/3layer/878926