adimailig
Staff
Article Id 299366
Description This article describes why the implicit SD-WAN rule ID may appear to be missing from session details, due to changes made to the session list output.
Scope FortiOS 7.0.4+.
Solution

If traffic hits the implicit SD-WAN rule, it means the session was handled using standard FIB routing.
For FortiOS version 7.0.3 and below, the session details (diagnose sys session list) show sdwan_service_id=0.
For FortiOS version 7.0.4 and above, this field is not shown in the session details.

FortiOS 7.0.3.

session info: proto=1 proto_state=00 duration=60 expire=3 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00
statistic(bytes/packets/allow_err): org=240/4/1 reply=240/4/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=10.47.15.254/192.168.10.5
hook=post dir=org act=snat 192.168.10.5:1->8.8.8.8:8(10.47.1.80:60417)
hook=pre dir=reply act=dnat 8.8.8.8:60417->10.47.1.80:0(192.168.10.5:1)
misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0
serial=00000263 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=0     >>>>>>>> Implicit SDWAN Rule
rpdb_link_id=80000000 rpdb_svc_id=0 ngfwid=n/a
npu_state=0x040000
total session 1

 

FortiOS 7.0.4.

session info: proto=1 proto_state=00 duration=51 expire=57 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00
statistic(bytes/packets/allow_err): org=360/6/1 reply=360/6/1 tuples=2
tx speed(Bps/kbps): 34/0 rx speed(Bps/kbps): 34/0
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=10.47.15.254/192.168.10.5
hook=post dir=org act=snat 192.168.10.5:1->8.8.8.8:8(10.47.1.80:60417)
hook=pre dir=reply act=dnat 8.8.8.8:60417->10.47.1.80:0(192.168.10.5:1)
misc=0 policy_id=1 pol_uuid_idx=14727 auth_info=0 chk_client_info=0 vd=0
serial=000001f0 tos=ff/ff app_list=0 app=0 url_cat=0   >>>> No sdwan_service_id
rpdb_link_id=80000000 ngfwid=n/a
npu_state=00000000
total session 1
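
The following is an added example, not part of the original article or any Fortinet tooling: a Python parser for session list output that treats both sdwan_service_id=0 (7.0.3 and below) and a missing sdwan_service_id (7.0.4 and above) as the implicit rule, so scripts that audit SD-WAN steering keep working across the upgrade. The function names are hypothetical, the sample input is constructed and abridged from the two dumps above, and the third session (rule ID 3) assumes that sessions matching an explicit rule still print a non-zero sdwan_service_id.

```python
import re

# Constructed sample input, abridged from the two session dumps in this article.
# The third session (explicit rule ID 3) is hypothetical and added for contrast.
SAMPLE = """\
session info: proto=1 proto_state=00 duration=60 expire=3 timeout=0
misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0
serial=00000263 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=0
rpdb_link_id=80000000 rpdb_svc_id=0 ngfwid=n/a
session info: proto=1 proto_state=00 duration=51 expire=57 timeout=0
misc=0 policy_id=1 pol_uuid_idx=14727 auth_info=0 chk_client_info=0 vd=0
serial=000001f0 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=80000000 ngfwid=n/a
session info: proto=6 proto_state=01 duration=5 expire=3595 timeout=3600
misc=0 policy_id=1 auth_info=0 chk_client_info=0 vd=0
serial=000002a1 tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=1 sdwan_service_id=3
total session 3
"""

KV = re.compile(r"(\w+)=(\S*)")


def split_sessions(text):
    """Yield one dict of key=value fields per 'session info:' block."""
    for block in re.split(r"(?m)^session info:", text)[1:]:
        yield dict(KV.findall(block))


def sdwan_rule(fields):
    """Return 'implicit' or the explicit SD-WAN rule ID as a string."""
    # A missing field (7.0.4 and above) and sdwan_service_id=0
    # (7.0.3 and below) both indicate the implicit rule.
    sid = fields.get("sdwan_service_id", "0")
    return "implicit" if sid == "0" else sid


def classify(text):
    """Map each session serial to its SD-WAN rule classification."""
    return {s.get("serial", "?"): sdwan_rule(s) for s in split_sessions(text)}


if __name__ == "__main__":
    for serial, rule in classify(SAMPLE).items():
        print(serial, rule)
```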