FW-DTO-1 # diag sniffer packet any 'host IP-PFSENSE-P1 and (udp port 500 or udp port 4500)' 4 0 l interfaces=[any] filters=[host IP-PFSENSE-P1 and (udp port 500 or udp port 4500)] 2018-07-25 13:49:00.431813 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:00.431817 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:00.431818 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:00.431818 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: ud p 112 2018-07-25 13:49:12.441465 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:12.441469 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:12.441469 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:12.441470 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:22.432002 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:22.432007 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:22.432007 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:22.432008 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:25.441119 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:25.441123 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:25.441124 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:25.441124 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:31.460935 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:31.460938 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:31.460939 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:31.460940 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:43.470570 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:43.470574 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:43.470574 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:43.470575 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:53.450727 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:53.450731 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:53.450732 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:53.450733 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:56.470224 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:56.470228 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:56.470228 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:49:56.470229 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:50:02.480050 WAN-OCWs in IP-FORTI-P1B.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:50:02.480056 INTERNET out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:50:02.480056 LAG-PROD out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 2018-07-25 13:50:02.480057 port4 out IP-FORTI-P1A.4500 -> IP-PFSENSE-P1.4500: udp 112 ---------------------------------------------------------------------------------------------------------- FW-DTO-1 # diag debug enable FW-DTO-1 # diag debug flow filter clear FW-DTO-1 # diag debug flow show function-name enable show function name FW-DTO-1 # diag debug flow show iprope enable show trace messages about iprope FW-DTO-1 # diag debug flow filter addr IP-PFSENSE-P1 FW-DTO-1 # diag debug console time enable FW-DTO-1 # diag debug flow trace start 100 FW-DTO-1 # 2018-07-25 13:50:14 id=20085 trace_id=962 func=print_pkt_detail line= 5311 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4 500) from WAN-OCWs. " 2018-07-25 13:50:14 id=20085 trace_id=962 func=resolve_ip_tuple_fast line=5386 m sg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:14 id=20085 trace_id=962 func=npu_handle_session44 line=1093 ms g="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:14 id=20085 trace_id=962 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:24 id=20085 trace_id=963 func=print_pkt_detail line=5311 msg="v d-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from W AN-OCWs. " 2018-07-25 13:50:24 id=20085 trace_id=963 func=resolve_ip_tuple_fast line=5386 m sg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:24 id=20085 trace_id=963 func=npu_handle_session44 line=1093 ms g="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:24 id=20085 trace_id=963 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:27 id=20085 trace_id=964 func=print_pkt_detail line=5311 msg="v d-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from W AN-OCWs. " 2018-07-25 13:50:27 id=20085 trace_id=964 func=resolve_ip_tuple_fast line=5386 m sg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:27 id=20085 trace_id=964 func=npu_handle_session44 line=1093 ms g="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:27 id=20085 trace_id=964 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:33 id=20085 trace_id=965 func=print_pkt_detail line=5311 msg="v d-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from W AN-OCWs. " 2018-07-25 13:50:33 id=20085 trace_id=965 func=resolve_ip_tuple_fast line=5386 m sg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:33 id=20085 trace_id=965 func=npu_handle_session44 line=1093 ms g="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:33 id=20085 trace_id=965 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:45 id=20085 trace_id=966 func=print_pkt_detail line=5311 msg="v d-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from W AN-OCWs. " 2018-07-25 13:50:45 id=20085 trace_id=966 func=resolve_ip_tuple_fast line=5386 m sg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:45 id=20085 trace_id=966 func=npu_handle_session44 line=1093 ms g="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:45 id=20085 trace_id=966 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:55 id=20085 trace_id=967 func=print_pkt_detail line=5311 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from WAN-OCWs. " 2018-07-25 13:50:55 id=20085 trace_id=967 func=resolve_ip_tuple_fast line=5386 msg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:55 id=20085 trace_id=967 func=npu_handle_session44 line=1093 msg="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:55 id=20085 trace_id=967 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:50:58 id=20085 trace_id=968 func=print_pkt_detail line=5311 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from WAN-OCWs. " 2018-07-25 13:50:58 id=20085 trace_id=968 func=resolve_ip_tuple_fast line=5386 msg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:50:58 id=20085 trace_id=968 func=npu_handle_session44 line=1093 msg="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:50:58 id=20085 trace_id=968 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500" 2018-07-25 13:51:04 id=20085 trace_id=969 func=print_pkt_detail line=5311 msg="vd-root received a packet(proto=17, IP-FORTI-P1B:4500->IP-PFSENSE-P1:4500) from WAN-OCWs. " 2018-07-25 13:51:04 id=20085 trace_id=969 func=resolve_ip_tuple_fast line=5386 msg="Find an existing session, id-0770044c, reply direction" 2018-07-25 13:51:04 id=20085 trace_id=969 func=npu_handle_session44 line=1093 msg="Trying to offloading session from WAN-OCWs to INTERNET, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000" 2018-07-25 13:51:04 id=20085 trace_id=969 func=__ip_session_run_tuple line=3209 msg="SNAT IP-FORTI-P1B->IP-FORTI-P1A:4500"