This article describes the reason for partial debug flow output on a FortiGate in VDOM mode.
FortiGate deployed in VDOM mode.
The debug flow output will look similar to the output below:
id=20085 trace_id=853 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1337->192.168.10.1:2048) from Visitor. type=8, code=0, id=1337, seq=1."
id=20085 trace_id=853 func=init_ip_session_common line=5995 msg="allocate a new session-000b18d6" <-- Allocates a session.
id=20085 trace_id=853 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1" <-- Finds the route via the correct interface and the gateway but never sends the traffic out.
id=20085 trace_id=854 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1338->192.168.10.1:2048) from Visitor. type=8, code=0, id=1338, seq=1."
id=20085 trace_id=854 func=init_ip_session_common line=5995 msg="allocate a new session-000b18dc"
id=20085 trace_id=854 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1"
diag sniffer packet port1 '' 6 0 l
interfaces=[port1]
filters=[]
^C
0 packets received by filter
0 packets dropped by kernel
No traffic is sent out via port1.
config vdom
edit <vdom>
config system settings
set status disable <-- If this is disabled, it needs to be enabled.
end
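To pick this symptom out of a longer capture, the following Python script (an added example, not Fortinet code) groups debug flow lines by trace_id, re-joins console-wrapped lines, and reports traces that end at vf_ip_route_input_common, along with the VDOM name taken from the vd- prefix. Trace 900 in the sample, including its fw_forward_handler line and line number, is constructed for contrast.

```python
import re

# Constructed sample: trace 853 is copied from the output above (with its console
# line wrap); trace 900 is invented for contrast and continues past the route lookup.
SAMPLE = '''\
id=20085 trace_id=853 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17
.48.41:1337->192.168.10.1:2048) from Visitor. type=8, code=0, id=1337, seq=1."
id=20085 trace_id=853 func=init_ip_session_common line=5995 msg="allocate a new session-000b18d6"
id=20085 trace_id=853 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1"
id=20085 trace_id=900 func=print_pkt_detail line=5824 msg="vd-root:0 received a packet(proto=1, 10.0.0.5:1->10.0.1.1:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=900 func=init_ip_session_common line=5995 msg="allocate a new session-000b18e0"
id=20085 trace_id=900 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-10.0.1.1 via port3"
id=20085 trace_id=900 func=fw_forward_handler line=771 msg="Allowed by Policy-1:"
'''

LINE = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="(.*?)"')
VDOM = re.compile(r'^vd-(.+?):\d+ received a packet')
ROUTE = re.compile(r'find a route: .* via (\S+)')

def unwrap(text):
    """Re-join records that the console wrapped onto a following line."""
    records = []
    for raw in text.splitlines():
        if raw.startswith("id=") or not records:
            records.append(raw)
        else:
            records[-1] += raw
    return records

def stalled_traces(text):
    """Traces whose last logged step is the route lookup: a route was found
    but no forwarding step followed, the pattern this article describes."""
    traces = {}
    for rec in unwrap(text):
        m = LINE.search(rec)
        if not m:
            continue
        tid, func, msg = m.groups()
        t = traces.setdefault(tid, {"trace_id": int(tid), "vdom": None, "egress": None, "funcs": []})
        t["funcs"].append(func)
        if v := VDOM.match(msg):
            t["vdom"] = v.group(1)
        if r := ROUTE.search(msg):
            t["egress"] = r.group(1)
    return [t for t in traces.values() if t["funcs"][-1] == "vf_ip_route_input_common"]

if __name__ == "__main__":
    for t in stalled_traces(SAMPLE):
        print(f"trace {t['trace_id']}: VDOM {t['vdom']} routed via {t['egress']}, nothing logged after")
```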
Copyright 2024 Fortinet, Inc. All Rights Reserved.