Wednesday, September 25, 2013

diagnose debug flow

FGT # diagnose debug flow filter daddr <dst_server_ip>
FGT # diagnose debug flow show  console enable
FGT  # diagnose debug enable
FGT # diagnose debug  flow trace  start 1000


id=36870 trace_id=400 msg="vd-root received a packet(proto=17, 192.168.3.20:1470-><dns_server_ip>:53) from to_client."
id=36870 trace_id=400 msg="allocate a new session-00002a55"
id=36870 trace_id=400 msg="find a route: gw-172.16.0.254 via to_server"
id=36870 trace_id=400 msg="find SNAT: IP-172.16.0.100, port-36150"
id=36870 trace_id=400 msg="Denied by end point ip filter check"


Once the test is complete, the debug outputs should be disabled by using the commands:

   # diag debug flow trace stop
   # diag debug reset
   # diag debug disable
Posted by at 1 comment:

Wednesday, September 4, 2013

FortiOS 5 Advanced Email server Settings (Fortigate firewall) change SMTP port

FG300Cxxxxxxxx # get system email-server
type                : custom
reply-to            : irfan@abcd.com
server              : smtp.abcd.com
port                : 25
source-ip           : 0.0.0.0
source-ip6          : ::
authenticate        : enable
username            : irfan.m@cisinlabs.com
password            : *
security            : none

-----------------------------------------------------------------------------------------
FG300Cxxxxxxxx # config system email-server

FG300Cxxxxxxxx (email-server) # set port 587

FG300Cxxxxxxxx (email-server) # end

FG300Cxxxxxxxx #

-------------------------------------------------------------------------------------------

FG300Cxxxxxxxx # get system email-server
type                : custom
reply-to            : irfan@abcd.com
server              : smtp.abcd.com
port                : 587
source-ip           : 0.0.0.0
source-ip6          : ::
authenticate        : enable
username            : irfan.m@cisinlabs.com
password            : *
security            : none 
Posted by at No comments:
Subscribe to: Posts (Atom)