FortiGate
JaskiratM
Staff
Article Id 271714
Description

 

This article describes why the debug flow output is only partial on a FortiGate in VDOM mode.

 

Scope

 

FortiGate deployed in VDOM mode.

Solution

 

The debug flow output will look similar to the output below:

 

id=20085 trace_id=853 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1337->192.168.10.1:2048) from Visitor. type=8, code=0, id=1337, seq=1."

id=20085 trace_id=853 func=init_ip_session_common line=5995 msg="allocate a new session-000b18d6" <-- Allocates a session.

id=20085 trace_id=853 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1" <-- Finds the route via the correct interface and the gateway but never sends the traffic out.

id=20085 trace_id=854 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1338->192.168.10.1:2048) from Visitor. type=8, code=0, id=1338, seq=1."

id=20085 trace_id=854 func=init_ip_session_common line=5995 msg="allocate a new session-000b18dc"

id=20085 trace_id=854 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1"

 

diag sniffer packet port1 '' 6 0 l

interfaces=[port1]

filters=[]

^C

0 packets received by filter

0 packets dropped by kernel

 

No traffic is sent out via port1.
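To spot this pattern in a saved debug flow capture, the following added example (not Fortinet code) groups lines by trace_id and reports traces whose last logged step is the route lookup. It assumes that a flow which continues past route lookup logs further lines under the same trace_id; the sample input is constructed from the output shown above.

```python
import re

# Constructed sample: the debug flow lines from this article with the "<--"
# annotations removed; trace 854 keeps a console line wrap inside msg.
SAMPLE = '''\
id=20085 trace_id=853 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1337->192.168.10.1:2048) from Visitor. type=8, code=0, id=1337, seq=1."
id=20085 trace_id=853 func=init_ip_session_common line=5995 msg="allocate a new session-000b18d6"
id=20085 trace_id=853 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1"
id=20085 trace_id=854 func=print_pkt_detail line=5824 msg="vd-FG-traffic:0 received a packet(proto=1, 172.17.48.41:1338->192.168.10.1:
2048) from Visitor. type=8, code=0, id=1338, seq=1."
id=20085 trace_id=854 func=init_ip_session_common line=5995 msg="allocate a new session-000b18dc"
id=20085 trace_id=854 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.10.1 via port1"
'''

# re.S lets msg="..." span a wrapped line; newlines are dropped afterwards.
LINE_RE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*?)"', re.S)
PKT_RE = re.compile(r'vd-(\S+?):\d+ received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+)\.\s')
ROUTE_RE = re.compile(r'find a route: .* via (\S+)$')

def parse_traces(text):
    """Group (func, msg) steps by trace_id, in order of appearance."""
    traces = {}
    for trace_id, func, msg in LINE_RE.findall(text):
        traces.setdefault(int(trace_id), []).append((func, msg.replace('\n', '')))
    return traces

def partial_traces(text):
    """Report traces that stop at the route lookup (assumed 'partial' pattern)."""
    findings = []
    for trace_id, steps in parse_traces(text).items():
        pkt = PKT_RE.search(steps[0][1])
        route = ROUTE_RE.search(steps[-1][1])
        if steps[-1][0] != 'vf_ip_route_input_common' or not (pkt and route):
            continue
        vdom, proto, src, dst, in_if = pkt.groups()
        findings.append({'trace_id': trace_id, 'vdom': vdom, 'proto': int(proto),
                         'src': src, 'dst': dst, 'in_if': in_if,
                         'out_if': route.group(1)})
    return findings

if __name__ == '__main__':
    for f in partial_traces(SAMPLE):
        print('trace {trace_id}: {src} -> {dst} in VDOM {vdom} ends at route '
              'lookup via {out_if}; check "set status" and sniff {out_if}'.format(**f))
```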

 

  1. Check the VDOM system settings under the VDOM:

config vdom

edit <vdom>

config system settings

set status disable <-- If this is disabled, it needs to be enabled.

end

 

  2. After enabling the setting:

JaskiratM_0-1693849886441.png