Created on 03-20-2023 11:09 PM Edited on 09-14-2023 06:20 AM By Jean-Philippe_P
Description | This article illustrates two methods for finding the real SD-WAN interface number from the kernel interface index number shown in the session table. |
Scope | FortiGate. |
Solution |
Review the example session table output below for a session routed by the SD-WAN rule. Note that the IP addresses were replaced with characters for security reasons:
session info: proto=6 proto_state=05 duration=2 expire=0 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00
statistic(bytes/packets/allow_err): org=3809/14/1 reply=24914/22/1 tuples=2
tx speed(Bps/kbps): 1677/13 rx speed(Bps/kbps): 10975/87
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x    <<< This line shows the interface index numbers, explained in step 1
hook=post dir=org act=snat x.x.x.x:63232->y.y.y.y:443(z.z.z.z:63232)
hook=pre dir=reply act=dnat y.y.y.y:443->z.z.z.z:63232(x.x.x.x:63232)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0
serial=0013a5c6 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=1    <<< routing follows the SD-WAN rule number 1 and selected member is member 1
rpdb_link_id=ff000001 ngfwid=n/a
npu_state=0x000100
no_ofld_reason: npu-flag-off
The section below shows the routing: from interface index 11 to 3 and from 3 to 11.
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x
Index 11 and index 3 are kernel index numbers, each corresponding to a real interface.
|
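When many sessions have to be reviewed, the same fields can be extracted from captured session-table text with a short script. This is an added example, not part of the original article or Fortinet code: the function names and the second sample entry are constructed, and it assumes the second index of the original direction is the egress interface.

```python
import re

# Constructed sample modelled on the entry above (placeholder addresses). The
# second entry is invented to show a session without sdwan_* fields.
SAMPLE = """\
session info: proto=6 proto_state=05 duration=2 expire=0 timeout=3600
orgin->sink: org pre->post, reply pre->post dev=11->3/3->11 gwy=z.z.z.z/x.x.x.x <<< note
misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0
serial=0013a5c6 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=1 <<< note
session info: proto=17 proto_state=01 duration=5 expire=170 timeout=0
orgin->sink: org pre->post, reply pre->post dev=11->4/4->11 gwy=z.z.z.z/x.x.x.x
misc=0 policy_id=6 pol_uuid_idx=14730 auth_info=0 chk_client_info=0 vd=0
serial=0013a5d1 tos=ff/ff app_list=0 app=0 url_cat=0
"""

DEV_RE = re.compile(r"\bdev=(\d+)->(\d+)/(\d+)->(\d+)")
KV_RE = re.compile(r"\b(policy_id|serial|sdwan_mbr_seq|sdwan_service_id)=(\w+)")

def _int(fields, key):
    return int(fields[key]) if key in fields else None

def parse_sessions(text):
    """Return one dict per 'session info:' entry that carries a dev= line."""
    sessions = []
    for chunk in text.split("session info:")[1:]:
        # Drop inline "<<<" annotations so they cannot pollute field values.
        body = "\n".join(line.split("<<<")[0] for line in chunk.splitlines())
        dev = DEV_RE.search(body)
        if dev is None:
            continue
        fields = dict(KV_RE.findall(body))
        org_in, org_out, reply_in, reply_out = map(int, dev.groups())
        sessions.append({
            "serial": fields.get("serial"),
            "policy_id": _int(fields, "policy_id"),
            "org": (org_in, org_out),        # kernel indexes, original direction
            "reply": (reply_in, reply_out),  # kernel indexes, reply direction
            "sdwan_service_id": _int(fields, "sdwan_service_id"),
            "sdwan_mbr_seq": _int(fields, "sdwan_mbr_seq"),
        })
    return sessions

def egress_by_member(sessions):
    """Map (sdwan_service_id, sdwan_mbr_seq) to the egress kernel indexes seen."""
    seen = {}
    for s in sessions:
        seen.setdefault((s["sdwan_service_id"], s["sdwan_mbr_seq"]), set()).add(s["org"][1])
    return {key: sorted(idx) for key, idx in seen.items()}
```

The indexes returned are still kernel index numbers; they have to be translated to interface names on the FortiGate itself.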