conf_file_ver=2873081117195307246? 每一次備份都會(huì)生成一個(gè)這樣的序號(hào)，不影響使用。

?

這個(gè)本地證書，每次都發(fā)生變化。請問這個(gè)是正常的吧？ 為什么每次這個(gè)證書都會(huì)不同？ 是根據(jù)設(shè)備的什么參數(shù)，還是隨機(jī)的。為什么別的證書不是這樣的。

這個(gè)是正常的。是程序代碼故意處理的，只對證書的私鑰部分作了處理。

diagnose debug enable

diagnose debug console timestamp enable

diagnose debug flow filter

diagnose debug console show console enable

diagnose debug flow trace start xxxx? 輸出多少個(gè)符合條件的包

diagnose debug flow show function-name enable

五元組? 源地址 目的地址 源端口 目的端口 接口。

?$ 2012-05-25 13:50:50 id=20085 trace_id=90 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:50 id=20085 trace_id=90 msg="allocate a new session-19efae23"
2012-05-25 13:50:50 id=20085 trace_id=90 msg="find a route: gw-195.0.4.3 via BMWZ"
2012-05-25 13:50:50 id=20085 trace_id=90 msg="Allowed by Policy-20:"
2012-05-25 13:50:51 id=20085 trace_id=91 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:51 id=20085 trace_id=91 msg="Find an existing session, id-19efae23, original direction"
2012-05-25 13:50:52 id=20085 trace_id=92 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:52 id=20085 trace_id=92 msg="Find an existing session, id-19efae23, original direction"
2012-05-25 13:50:53 id=20085 trace_id=93 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.4.3:8) from OUT."
2012-05-25 13:50:53 id=20085 trace_id=93 msg="Find an existing session, id-19efae23, original direction"

?

?

會(huì)話同步是自動(dòng)的（配置勾選了會(huì)話同步）, 備墻重新啟動(dòng)后，就進(jìn)行會(huì)話的同步, 同步主墻當(dāng)前及以后新建的TCP會(huì)話.TCP會(huì)話同步，UDP、ICMP、多播、廣播不同步. diag debug app hatalk -1 diag sys ha dump 1 diag debug enable命令的輸出可以在telnet管理界面顯示.

$ 2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:33 id=20085 trace_id=94 func=resolve_ip_tuple line=2799 msg="allocate a new session-19efb092"
2012-05-25 13:54:33 id=20085 trace_id=94 func=vf_ip4_route_input line=1543 msg="find a route: gw-195.0.2.10 via CWJZ"
2012-05-25 13:54:33 id=20085 trace_id=94 func=fw_forward_handler line=317 msg="Allowed by Policy-5:"
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:34 id=20085 trace_id=95 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
2012-05-25 13:54:35 id=20085 trace_id=96 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:35 id=20085 trace_id=96 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"
2012-05-25 13:54:36 id=20085 trace_id=97 func=resolve_ip_tuple_fast line=2700 msg="vd-root received a packet(proto=1, 199.0.13.120:512->195.0.2.10:8) from OUT."
2012-05-25 13:54:36 id=20085 trace_id=97 func=resolve_ip_tuple_fast line=2727 msg="Find an existing session, id-19efb092, original direction"

?

?

FG200A2104450177 (global) # get sys ha status Model: 200 Mode: a-p Group: 35 Debug: 0 ses_pickup: disable Master:200 FG200A2104450177 FG200A2104450177 1 Slave :100 FG200A2104450399 FG200A2104450399 0 number of vcluster: 2 vcluster 1: work 169.254.0.2 Master:0 FG200A2104450177 Slave :1 FG200A2104450399 vcluster 2: standby 169.254.0.1 Slave :1 FG200A2104450177 Master:0 FG200A2104450399

?

?

?

FGT8002604400020 # id=36870 trace_id=71 func=resolve_ip_tuple_fast line=3427 msg="vd-root received a packet(proto=17, 2.168.118.34:138->192.168.118.255:138) from internal." ???? 查看的是 vd-root ? id=36870 trace_id=71 func=resolve_ip_tuple line=3559 msg="allocate a new session-0000a07c" ?創(chuàng)建一個(gè)會(huì)話 ? id=36870 trace_id=71 func=vf_ip4_route_input line=1585 msg="find a route: gw-192.168.118.255 via root"? ? 目的路由檢查 ? id=36870 trace_id=71 func=fw_local_in_handler line=237 msg="iprope_in_check() check failed, drop"??? 防火墻策略。這里被drop，也就是deny了。

?

FGT50B3G07516763 # diagnose debug flow show console enable show trace messages on console FGT50B3G07516763 # diagnose debug flow show function-name enable show function name FGT50B3G07516763 # diagnose debug flow filter addr 192.168.3.189 FGT50B3G07516763 # FGT50B3G07516763 # FGT50B3G07516763 # diagnose debug flow trace start 20 FGT50B3G07516763 # diagnose debug enable?????????? FGT50B3G07516763 # id=36871 trace_id=1 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal." id=36871 trace_id=1 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907a" id=36871 trace_id=1 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop" 源路由檢測失敗 id=36871 trace_id=2 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal." id=36871 trace_id=2 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907b" id=36871 trace_id=2 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop" id=36871 trace_id=3 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal." id=36871 trace_id=3 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907c" id=36871 trace_id=3 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop" id=36871 trace_id=4 func=resolve_ip_tuple_fast line=3757 msg="vd-root received a packet(proto=1, 192.168.3.189:1->192.168.1.254:8) from internal." id=36871 trace_id=4 func=resolve_ip_tuple line=3889 msg="allocate a new session-0037907d" id=36871 trace_id=4 func=ip_route_input_slow line=1268 msg="reverse path check fail, drop"

轉(zhuǎn)載于:https://blog.51cto.com/3layer/878926

總結(jié)

以上是生活随笔為你收集整理的FortiGate 的相关知识的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。