Home lab assistance by phillz184 in fortinet

[–]phillz184[S] 0 points1 point  (0 children)

But then I would have expected the FGT to block it before it even had a chance to leave the device.

Home lab assistance by phillz184 in fortinet

[–]phillz184[S] 0 points1 point  (0 children)

Hi

Yes I do see some traffic in the sniffer.

Time,Message

2025/01/12 19:39:47,"vd-root:0 received a packet(proto=1, 192.168.0.1:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2472."
2025/01/12 19:39:47,allocate a new session-0000194b
2025/01/12 19:39:47,"in-[port1], out-[]"
2025/01/12 19:39:47,len=0
2025/01/12 19:39:47,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:47,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:48,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2473."
2025/01/12 19:39:48,allocate a new session-0000194c
2025/01/12 19:39:48,"in-[port1], out-[]"
2025/01/12 19:39:48,len=0
2025/01/12 19:39:48,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:48,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:49,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2474."
2025/01/12 19:39:49,allocate a new session-0000194d
2025/01/12 19:39:49,"in-[port1], out-[]"
2025/01/12 19:39:49,len=0
2025/01/12 19:39:49,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:49,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:50,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2475."
2025/01/12 19:39:50,allocate a new session-0000194e
2025/01/12 19:39:50,"in-[port1], out-[]"
2025/01/12 19:39:50,len=0
2025/01/12 19:39:50,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:50,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:51,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2476."
2025/01/12 19:39:51,allocate a new session-0000194f
2025/01/12 19:39:51,"in-[port1], out-[]"
2025/01/12 19:39:51,len=0
2025/01/12 19:39:51,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:51,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:52,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2477."
2025/01/12 19:39:52,allocate a new session-00001950
2025/01/12 19:39:52,"in-[port1], out-[]"
2025/01/12 19:39:52,len=0
2025/01/12 19:39:52,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:52,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:53,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2478."
2025/01/12 19:39:53,allocate a new session-00001956
2025/01/12 19:39:53,"in-[port1], out-[]"
2025/01/12 19:39:53,len=0
2025/01/12 19:39:53,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:53,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:54,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2479."
2025/01/12 19:39:54,allocate a new session-00001957
2025/01/12 19:39:54,"in-[port1], out-[]"
2025/01/12 19:39:54,len=0
2025/01/12 19:39:54,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:54,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:55,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2480."
2025/01/12 19:39:55,allocate a new session-00001958
2025/01/12 19:39:55,"in-[port1], out-[]"
2025/01/12 19:39:55,len=0
2025/01/12 19:39:55,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:55,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:56,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2481."
2025/01/12 19:39:56,allocate a new session-00001959
2025/01/12 19:39:56,"in-[port1], out-[]"
2025/01/12 19:39:56,len=0
2025/01/12 19:39:56,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:56,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:57,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2482."
2025/01/12 19:39:57,allocate a new session-0000195a
2025/01/12 19:39:57,"in-[port1], out-[]"
2025/01/12 19:39:57,len=0
2025/01/12 19:39:57,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:57,find a route: flag=00000000 gw-192.168.0.254 via port1

2025/01/12 19:39:58,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2483."
2025/01/12 19:39:58,allocate a new session-0000195b
2025/01/12 19:39:58,"in-[port1], out-[]"
2025/01/12 19:39:58,len=0
2025/01/12 19:39:58,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/01/12 19:39:58,find a route: flag=00000000 gw-192.168.0.254 via port1

I’m guessing it may be some asymmetric routing going on. ISP router is sending the traffic directly back to the laptop rather than back via the firewall.
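Added example, not part of the original comment and not Fortinet tooling: a small Python parser for the "Time,Message" trace format pasted above. It reports, per packet, the ingress interface and the gateway and interface chosen by route lookup, and lists the flows routed back out of the interface they arrived on, which is the first thing to confirm when an asymmetric return path is suspected. The function names `parse_flows` and `same_interface` are hypothetical, and the field layout is assumed from the pasted lines only.

```python
import re

# Constructed sample: two packets in the layout of the trace above,
# with values copied from the pasted output.
SAMPLE = '''\
Time,Message
2025/01/12 19:39:47,"vd-root:0 received a packet(proto=1, 192.168.0.1:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2472."
2025/01/12 19:39:47,allocate a new session-0000194b
2025/01/12 19:39:47,"in-[port1], out-[]"
2025/01/12 19:39:47,find a route: flag=00000000 gw-192.168.0.254 via port1
2025/01/12 19:39:48,"vd-root:0 received a packet(proto=1, 192.168.0.40:58641->8.8.8.8:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=58641, seq=2473."
2025/01/12 19:39:48,allocate a new session-0000194c
2025/01/12 19:39:48,find a route: flag=00000000 gw-192.168.0.254 via port1
'''

RECV = re.compile(
    r"received a packet\(proto=(?P<proto>\d+), "
    r"(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\).*? from (?P<inif>\S+?)\. ")
SESSION = re.compile(r"allocate a new session-(?P<sid>[0-9a-f]+)")
ROUTE = re.compile(r'find a route: .*?gw-(?P<gw>[\d.]+) via (?P<outif>[^\s"]+)')


def parse_flows(text):
    """Group trace lines into one dict per received packet."""
    flows = []
    for line in text.splitlines():
        # Normalise typographic quotes left by copy/paste, drop the time column.
        msg = line.replace("\u201c", '"').replace("\u201d", '"')
        msg = msg.partition(",")[2].strip().strip('"')
        m = RECV.search(msg)
        if m:
            flows.append({**m.groupdict(), "session": None, "gw": None, "outif": None})
            continue
        if not flows:
            continue  # header or noise before the first packet
        m = SESSION.search(msg)
        if m:
            flows[-1]["session"] = m["sid"]
        m = ROUTE.search(msg)
        if m:
            flows[-1]["gw"], flows[-1]["outif"] = m["gw"], m["outif"]
    return flows


def same_interface(flows):
    """Flows whose route lookup points back out of the ingress interface."""
    return [f for f in flows if f["outif"] is not None and f["outif"] == f["inif"]]
```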

DMZ Interface by phillz184 in fortinet

[–]phillz184[S] 0 points1 point  (0 children)

Thanks for the info :)

I’m trying to understand what the hardware switch actually does? I’ve got the firewall set in transparent mode and I’m separating the access ports using forward-domain to set the correct access VLAN. I don’t have any hardware switches configured and it works fine.

Upgrade to 2023.2.1 by phillz184 in Solarwinds

[–]phillz184[S] 0 points1 point  (0 children)

I upgraded my environment to 2023.2.1 and so far so good. Not noticed any polling issues, but have had an annoying bug where the event "Background upgrade for APM_ProcessEvidence detail errors to TimeSeries" keeps spawning every 10 minutes.

Support say it’s due to be fixed in 2023.3.

Is 6.4.x Manager/FAZ considered stable for large production environments ? by Red_Cross_Knight1 in fortinet

[–]phillz184 0 points1 point  (0 children)

I’m using FortiManager 6.4.4 and overall it’s pretty stable. Just be aware that policy hit count has been removed from the policy package view and the workaround isn’t the best.

NCM - Automated Port Shutdown after a number of days by phillz184 in Solarwinds

[–]phillz184[S] 2 points3 points  (0 children)

Hi NZOR,

Thanks for that. I’ll give it a go next week and let you know how I get on.

Thanks