FW-DCE-1 # diag sniffer packet any 'host IP-PFSENSE-P1 and (udp port 500 or udp port 4500)' 4 0 l interfaces=[any] filters=[host IP-PFSENSE-P1 and (udp port 500 or udp port 4500)] 2018-07-25 13:59:18.046459 WAN-OCWs out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:18.046461 WAN out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:18.046462 port25 out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:18.068295 WAN-OCWs in IP-PFSENSE-P1.500 -> IP-FORTI-P1B.500: udp 76 2018-07-25 13:59:30.055778 WAN-OCWs out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:30.055781 WAN out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:30.055782 port25 out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:30.078063 WAN-OCWs in IP-PFSENSE-P1.500 -> IP-FORTI-P1B.500: udp 76 2018-07-25 13:59:39.995276 WAN-OCWs out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 292 2018-07-25 13:59:39.995279 WAN out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 292 2018-07-25 13:59:39.995280 port18 out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 292 2018-07-25 13:59:40.018620 WAN-OCWs in IP-PFSENSE-P1.500 -> IP-FORTI-P1B.500: udp 164 2018-07-25 13:59:40.018899 WAN-OCWs out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 228 2018-07-25 13:59:40.018901 WAN out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 228 2018-07-25 13:59:40.018902 port18 out IP-FORTI-P1B.500 -> IP-PFSENSE-P1.500: udp 228 2018-07-25 13:59:40.042872 WAN-OCWs in IP-PFSENSE-P1.500 -> IP-FORTI-P1B.500: udp 244 2018-07-25 13:59:40.043203 WAN-OCWs out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:40.043205 WAN out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:40.043206 port25 out IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:59:40.065113 WAN-OCWs in IP-PFSENSE-P1.500 -> IP-FORTI-P1B.500: udp 76 ---------------------------------------------------------------------------------------------------------- FW-DCE-1 # diag debug enable FW-DCE-1 # diag debug flow filter clear FW-DCE-1 # diag debug flow show function-name enable show function name FW-DCE-1 # diag debug flow show iprope enable show trace messages about iprope FW-DCE-1 # diag debug flow filter addr IP-PFSENSE-P1 FW-DCE-1 # diag debug console time enable FW-DCE-1 # diag debug flow trace start 100 FW-DCE-1 # 2018-07-25 14:00:14 id=20085 trace_id=853 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from local. " 2018-07-25 14:00:14 id=20085 trace_id=853 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-23cc91d3, original direction" 2018-07-25 14:00:14 id=20085 trace_id=854 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:14 id=20085 trace_id=854 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:14 id=20085 trace_id=854 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:14 id=20085 trace_id=854 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:14 id=20085 trace_id=854 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:14 id=20085 trace_id=854 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:14 id=20085 trace_id=854 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:14 id=20085 trace_id=854 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:20 id=20085 trace_id=855 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from local. " 2018-07-25 14:00:20 id=20085 trace_id=855 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-23cc91d3, original direction" 2018-07-25 14:00:20 id=20085 trace_id=856 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:20 id=20085 trace_id=856 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:20 id=20085 trace_id=856 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:20 id=20085 trace_id=856 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:20 id=20085 trace_id=856 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:20 id=20085 trace_id=856 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:20 id=20085 trace_id=856 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:20 id=20085 trace_id=856 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:32 id=20085 trace_id=857 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from local. " 2018-07-25 14:00:32 id=20085 trace_id=857 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-23cc91d3, original direction" 2018-07-25 14:00:32 id=20085 trace_id=858 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:32 id=20085 trace_id=858 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:32 id=20085 trace_id=858 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:32 id=20085 trace_id=858 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:32 id=20085 trace_id=858 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:32 id=20085 trace_id=858 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:32 id=20085 trace_id=858 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:32 id=20085 trace_id=858 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=859 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:500->IP-PFSENSE-P1:500) from local. " 2018-07-25 14:00:42 id=20085 trace_id=859 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, reply direction" 2018-07-25 14:00:42 id=20085 trace_id=860 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:42 id=20085 trace_id=860 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:42 id=20085 trace_id=860 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:42 id=20085 trace_id=860 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:42 id=20085 trace_id=860 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=860 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=860 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=860 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=861 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:500->IP-PFSENSE-P1:500) from local. " 2018-07-25 14:00:42 id=20085 trace_id=861 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, reply direction" 2018-07-25 14:00:42 id=20085 trace_id=862 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:42 id=20085 trace_id=862 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:42 id=20085 trace_id=862 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:42 id=20085 trace_id=862 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:42 id=20085 trace_id=862 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=862 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=862 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=862 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=863 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from local. " 2018-07-25 14:00:42 id=20085 trace_id=863 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-23cc91d3, original direction" 2018-07-25 14:00:42 id=20085 trace_id=864 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:42 id=20085 trace_id=864 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:42 id=20085 trace_id=864 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:42 id=20085 trace_id=864 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:42 id=20085 trace_id=864 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=864 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:42 id=20085 trace_id=864 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:42 id=20085 trace_id=864 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:45 id=20085 trace_id=865 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from local. " 2018-07-25 14:00:45 id=20085 trace_id=865 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-23cc91d3, original direction" 2018-07-25 14:00:45 id=20085 trace_id=866 func=print_pkt_detail line=5292 msg="vd-root received a packet(proto=17, IP-PFSENSE-P1:500->IP-FORTI-P1B:500) from WAN-OCWs. " 2018-07-25 14:00:45 id=20085 trace_id=866 func=resolve_ip_tuple_fast line=5367 msg="Find an existing session, id-22b31ef8, original direction" 2018-07-25 14:00:45 id=20085 trace_id=866 func=vf_ip_route_input_common line=2576 msg="find a route: flag=80000000 gw-IP-FORTI-P1B via root" 2018-07-25 14:00:45 id=20085 trace_id=866 func=iprope_in_check line=394 msg="in-[WAN-OCWs], out-[], skb_flags-02000100, vid-0" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check line=2125 msg="gnum-100011, check-ffffffffa00260c0" 2018-07-25 14:00:45 id=20085 trace_id=866 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check line=2125 msg="gnum-100001, check-ffffffffa00256a0" 2018-07-25 14:00:45 id=20085 trace_id=866 func=iprope_policy_group_check line=4214 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check line=2125 msg="gnum-10000e, check-ffffffffa00256a0" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-no-match, act-accept" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check_one_policy line=1899 msg="checked gnum-10000e policy-4294967295, ret-matched, act-accept" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check_one_policy line=2096 msg="policy-4294967295 is matched, act-accept" 2018-07-25 14:00:45 id=20085 trace_id=866 func=__iprope_check line=2144 msg="gnum-10000e check result: ret-matched, act-accept, flag-00000001, flag2-00000000" 2018-07-25 14:00:45 id=20085 trace_id=866 func=iprope_policy_group_check line=4214 msg="after check: ret-matched, act-accept, flag-00000001, flag2-00000000"