Created on 05-27-2015 05:56 AM Edited on 02-05-2024 09:53 AM By Stephen_G
Description
Solution
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via 172.31.19.254, wan1
S 10.112.0.0/22 [20/0] is directly connected, Secondary-p1
S *> 10.112.0.0/22 [10/0] is directly connected, Primary-p1
C *> 10.156.0.0/22 is directly connected, lan
C *> 50.10.10.0/24 is directly connected, dmz
C *> 172.31.16.0/22 is directly connected, wan1
C *> 172.31.192.0/22 is directly connected, wan2
FGTServer: Verify route toward client subnet (10.156.0.0/22)
FGTServer # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via 172.31.19.254, port1
C *> 10.112.0.0/22 is directly connected, port5
S 10.156.0.0/22 [20/0] is directly connected, Secondary-p1
S *> 10.156.0.0/22 [10/0] is directly connected, Primary-p1
C *> 172.31.16.0/22 is directly connected, port1
C *> 172.31.192.0/22 is directly connected, port3
WAN optimization verification (GUI interface is available under the version 5.0)
• Send HTTP, SSH, FTP traffic from the client toward the server.
• The WAN Optimization statistics can be monitored from the GUI (Web-based Manager) at WanOpt. --> Monitor:
GUI interface WAN Optimization
CLI verification :
FGTClient # diagnose test application wad 26
name: server, vd: 0, ip: 0.0.0.0 ref: 4 type:auto
traffic:
client: LAN in:55124, LAN out:316649, WAN in:215482, WAN out:16000
gateway: LAN in:0, LAN out:0, WAN in:0, WAN out:0
client 0x2a986a6078, server 0x2a986a6098
total peers: 1, manual peers: 0 auto peers: 1
FGTServer # diagnose test application wad 26
name: client, vd: 0, ip: 0.0.0.0 ref: 4 type:auto
traffic:
client: LAN in:0, LAN out:0, WAN in:0, WAN out:0
gateway: LAN in:321405, LAN out:55124, WAN in:16000, WAN out:221494
client 0x2a98aa7078, server 0x2a98aa7098
total peers: 1, manual peers: 0 auto peers: 1
Bring down Primary IPSEC tunnel, verify routing table and WAN optimization
• Routing table :
FGTClient # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via 172.31.19.254, wan1
S *> 10.112.0.0/22 [20/0] is directly connected, Secondary-p1
S 10.112.0.0/22 [10/0] is directly connected, Primary-p1 inactive
C *> 10.156.0.0/22 is directly connected, lan
C *> 50.10.10.0/24 is directly connected, dmz
C *> 172.31.16.0/22 is directly connected, wan1
FGTServer # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       > - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via 172.31.19.254, port1
C *> 10.112.0.0/22 is directly connected, port5
S *> 10.156.0.0/22 [20/0] is directly connected, Secondary-p1
S 10.156.0.0/22 [10/0] is directly connected, Primary-p1 inactive
C *> 172.31.16.0/22 is directly connected, port1
C *> 172.31.192.0/22 is directly connected, port3
• WAN Optimization (GUI interface is available under the version 5.0):
GUI interface WAN Optimization
FGTClient # diagnose test application wad 26
name: server, vd: 0, ip: 0.0.0.0 ref: 7 type:auto
traffic:
client: LAN in:76762, LAN out:622216, WAN in:518994, WAN out:25152
gateway: LAN in:0, LAN out:0, WAN in:0, WAN out:0
client 0x2a986a6078, server 0x2a986a6098
total peers: 1, manual peers: 0 auto peers: 1
FGTServer # diagnose test application wad 26
name: client, vd: 0, ip: 0.0.0.0 ref: 7 type:auto
traffic:
client: LAN in:0, LAN out:0, WAN in:0, WAN out:0
gateway: LAN in:620824, LAN out:76762, WAN in:25152, WAN out:518022
client 0x2a98aa7078, server 0x2a98aa7098
total peers: 1, manual peers: 0 auto peers: 1
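The routing-table check before and after the Primary tunnel goes down can be scripted for monitoring. The Python below is an added example, not part of the original article or any Fortinet tool: the function names are hypothetical, and the sample text is the FGTClient output shown above, abridged and with one route per line.

```python
import re

# One route line of "get router info routing-table database":
#   <code> [*>] <prefix> [<distance>/<metric>] ..., <interface> [inactive]
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9]?)\s+(?P<flags>[*>]*)\s*"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<distance>\d+)/\d+\])?"
    r".*,\s*(?P<iface>\S+)(?P<inactive>\s+inactive)?\s*$"
)

def parse_routes(output):
    """Return one dict per route line; legend lines and prompts are skipped."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append({
                "prefix": m["prefix"],
                "distance": int(m["distance"] or 0),  # connected routes print none
                "iface": m["iface"],
                "in_fib": "*" in m["flags"] and ">" in m["flags"],
                "inactive": m["inactive"] is not None,
            })
    return routes

def tunnel_state(output, prefix, primary, secondary):
    """Return (state, standby_ready) for the tunnel pair carrying `prefix`."""
    cands = [r for r in parse_routes(output) if r["prefix"] == prefix]
    usable = {r["iface"] for r in cands if not r["inactive"]}
    active = {r["iface"] for r in cands if r["in_fib"] and not r["inactive"]}
    if primary in active:
        return "primary", secondary in usable
    if secondary in active:
        return "failover", primary in usable
    return "down", False

# Sample input: FGTClient output from this article, abridged.
BEFORE = """Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
> - selected route, * - FIB route, p - stale info
S *> 0.0.0.0/0 [10/0] via 172.31.19.254, wan1
S 10.112.0.0/22 [20/0] is directly connected, Secondary-p1
S *> 10.112.0.0/22 [10/0] is directly connected, Primary-p1
C *> 10.156.0.0/22 is directly connected, lan
"""
AFTER = """S *> 10.112.0.0/22 [20/0] is directly connected, Secondary-p1
S 10.112.0.0/22 [10/0] is directly connected, Primary-p1 inactive
"""

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER)):
        print(label, tunnel_state(out, "10.112.0.0/22", "Primary-p1", "Secondary-p1"))
```

A result of ("failover", False) means traffic is on Secondary-p1 and no usable standby route remains until Primary-p1 recovers.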
Troubleshooting commands
Use the WAD command:
diagnose test application wad <test level>
Example :
23: display all protocols stats
24: flush all protocols stats
26: display all peers
99: restart WAD
Session diagnostics :
diagnose wad session list
Protocol statistics :
diagnose wad stats list
Tunnel diagnostics :
diagnose wad tunnel list
Related Articles
Case study : FortiGate WAN Optimization over IPSec and content inspection in multiple VDOMs
Technical Note : OSPF route redundancy over 2 VPN IPSec tunnels