Technical Tip: How to identify which WAD worker process is handling a specific session

ojacinto · ‎10-26-2023

Description

This article describes how to identify which WAD worker process is handling a specific session.

Scope

FortiProxy v7.0.0, v7.2.0 and v7.4.0 and above.

Solution

Working on a web proxy scenario, after the user performs some Internet connections, it is possible to identify the WAD worker process that is handling the communication by the following command:

diagnose wad session list

For example:

FortiProxy-VM02 # diagnose wad session list

Session: explicit proxy 192.168.13.100:52712(192.168.170.13:26366)->69.162.81.253:443
id=1168264960 worker=0 vd=0:0 fw-policy=2
duration=9 expire=3591 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=1
bytes_in=222 bytes_out=0 shutdown=0x0
to-server
TCP Port:
state=1 r_blocks=0 w_blocks=0 read_blocked=0
bytes_in=0 bytes_out=0 shutdown=0x0

Session: explicit proxy 192.168.13.100:52714(192.168.170.13:31538)->162.247.243.30:443
id=1168264961 worker=0 vd=0:0 fw-policy=2
duration=7 expire=3594 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
SSL Port:
state=3
TCP Port:
state=2 r_blocks=2 w_blocks=0 read_blocked=0
bytes_in=2497 bytes_out=1185 shutdown=0x0
to-server
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=853 bytes_out=1981 shutdown=0x0

Session: explicit proxy 192.168.13.100:52716(192.168.170.13:18386)->54.196.227.84:443
id=1168264962 worker=0 vd=0:0 fw-policy=2
duration=5 expire=3596 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
SSL Port:
state=3
TCP Port:
state=2 r_blocks=2 w_blocks=0 read_blocked=0
bytes_in=3068 bytes_out=946 shutdown=0x0
to-server
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=605 bytes_out=2495 shutdown=0x0

Session: explicit proxy 192.168.13.100:52718(192.168.170.13:49340)->199.60.103.254:443
id=1168264963 worker=0 vd=0:0 fw-policy=2
duration=1 expire=3600 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=1745 bytes_out=941099 shutdown=0x0
to-server
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=940734 bytes_out=1669 shutdown=0x0

Session: explicit proxy 192.168.13.100:52713(192.168.170.13:11466)->20.122.63.128:443
id=1168265023 worker=1 vd=0:0 fw-policy=2
duration=7 expire=3594 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
SSL Port:
state=3
TCP Port:
state=2 r_blocks=3 w_blocks=0 read_blocked=0
bytes_in=2490 bytes_out=3863 shutdown=0x0
to-server
SSL Port:
state=3
TCP Port:
state=2 r_blocks=0 w_blocks=0 read_blocked=0
bytes_in=5733 bytes_out=2023 shutdown=0x0

Session: explicit proxy 192.168.13.100:52715(192.168.170.13:37780)->69.162.81.253:80
id=1168265024 worker=1 vd=0:0 fw-policy=2
duration=6 expire=3594 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL disabled
to-client
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=1
bytes_in=458 bytes_out=0 shutdown=0x0
to-server
TCP Port:
state=1 r_blocks=0 w_blocks=0 read_blocked=0
bytes_in=0 bytes_out=0 shutdown=0x0

Session: explicit proxy 192.168.13.100:52717(192.168.170.13:26398)->104.19.154.83:443
id=1168265025 worker=1 vd=0:0 fw-policy=2
duration=5 expire=3596 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=2612 bytes_out=2381 shutdown=0x0
to-server
SSL Port:
state=3
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=1742 bytes_out=2064 shutdown=0x0

Sessions total=7

The above information shows that web proxy sessions are balanced between both WAD worker processes (index 0 and index 1) on the FortiProxy-VM:

FPX-VM02 # diagnose test application wad 1000
Process [0]: WAD manager type=manager(0) pid=1534 diagnosis=yes.
Process [1]: type=dispatcher(1) index=0 pid=1583 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [2]: type=worker(2) index=0 pid=1584 state=running
diagnosis=no debug=enable valgrind=supported/disabled
Process [3]: type=worker(2) index=1 pid=1585 state=running
diagnosis=no debug=enable valgrind=supported/disabled
Process [4]: type=algo(3) index=0 pid=1582 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [5]: type=informer(4) index=0 pid=1576 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [6]: type=user-info(5) index=0 pid=1580 state=running
diagnosis=no debug=enable valgrind=supported/disabled
Process [7]: type=cache-service-cs(6) index=0 pid=1574 state=running
diagnosis=no debug=enable valgrind=supported/disabled
Process [8]: type=cert-inspection(8) index=0 pid=1578 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [9]: type=YouTube-filter-cache-service(9) index=0 pid=1579 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [10]: type=debug(11) index=0 pid=1572 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [11]: type=config-notify(12) index=0 pid=1577 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [12]: type=tls-fgpt-service(13) index=0 pid=1581 state=running
diagnosis=no debug=enable valgrind=unsupported/disabled
Process [13]: type=object-cache(14) index=0 pid=1573 state=running
diagnosis=no debug=disable valgrind=unsupported/disabled
Process [14]: type=preload daemon(17) index=0 pid=1575 state=running
diagnosis=no debug=disable valgrind=unsupported/disabled