标签:dnat font domain 火墙 dex vpd 地址 none ado
FG600D3918701304 # diagnose sys session filter(设置过滤条件)
vd Index of virtual domain. -1 matches all.
sintf Source interface.
dintf Destination interface.
src Source IP address.
nsrc NAT'd source ip address
dst Destination IP address.
proto Protocol number.
sport Source port.
nport NAT'd source port
dport Destination port.
policy Policy ID.
expire expire
duration duration
proto-state Protocol state.
session-state1 Session state1.
session-state2 Session state2.
clear Clear session filter.
negate Inverse filter.
FG600D3918701304 # diagnose sys session filter src 10.10.10.1(设置过滤条件为源地址10.10.10.1)
FG600D3918701304 # diagnose sys session list(罗列出过滤条件匹配的会话)
session info: proto=17 proto_state=01 duration=18 expire=161 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255
state=redir log local may_dirty nlb none
statistic(bytes/packets/allow_err): org=55/1/1 reply=71/1/1 tuples=3
tx speed(Bps/kbps): 2/0 rx speed(Bps/kbps): 3/0
orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1
hook=post dir=org act=snat 10.10.10.1:54831->223.5.5.5:53(113.102.131.230:54831)
hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:54831(10.10.10.1:54831)
hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:54831(0.0.0.0:0)
misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0
serial=012ee90e tos=40/40 app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040400
no_ofld_reason: redir-to-av non-npu-intf
session info: proto=17 proto_state=01 duration=9 expire=170 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255
state=redir log local may_dirty nlb none
statistic(bytes/packets/allow_err): org=71/1/1 reply=148/1/1 tuples=3
tx speed(Bps/kbps): 7/0 rx speed(Bps/kbps): 15/0
orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1
hook=post dir=org act=snat 10.10.10.1:56119->223.5.5.5:53(113.102.131.230:56119)
hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:56119(10.10.10.1:56119)
hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:56119(0.0.0.0:0)
misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0
serial=012eedd7 tos=40/40 app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040400
no_ofld_reason: redir-to-av non-npu-intf
......
FG600D3918701304 # diagnose sys session clear(将过滤条件匹配的所有会话清除)
FG600D3918701304 # diagnose sys session list(再次查看过滤条件匹配的所有会话)
total session 0(会话为 0)
FG600D3918701304 # diagnose sys session filter clear(清除设置好的过滤条件)
标签:dnat font domain 火墙 dex vpd 地址 none ado
原文地址:http://blog.51cto.com/abnerhuang/2067585
