We have set the following debug to check how our policies apply to traffic:
dia deb info debug output: enable console output: disable debug timestamp: enable sysinit output: disabled flow-filter client_ip: flow-filter flow-detail: 0 flow-filter http-detail: 0 flow-filter module-detail: 1 flow-filter session-detail: 0 flow-trace: 1 writedisk: 0 CLI debug level: 1
We have also enabled module-detail for all modules:
dia deb flow filter module-detail module all
On the debug output we see the following:
Module name:x_forworded_for, Execution:4, Process error:0, Action:ACCEPT Module name:known_engine, Execution:4, Process error:-1, Action:ACCEPT Module name:geo_block, Execution:4, Process error:0, Action:ACCEPT Module name:websocket_security, Execution:3, Process error:0, Action:ACCEPT Module name:hsts_header, Execution:4, Process error:5, Action:ACCEPT Module name:allow_method, Execution:4, Process error:0, Action:ACCEPT Module name:real_browser_enforcement, Execution:3, Process error:2, Action:ACCEPT Module name:session_management, Execution:4, Process error:0, Action:ACCEPT Module name:global_white_list, Execution:4, Process error:0, Action:ACCEPT Module name:global_white_list, Execution:4, Process error:0, Action:ACCEPT Module name:url_access, Execution:4, Process error:7, Action:ACCEPT Module name:file_security, Execution:3, Process error:0, Action:ACCEPT Module name:chunk_decode, Execution:3, Process error:4, Action:ACCEPT Module name:file_uncompress, Execution:3, Process error:0, Action:ACCEPT Module name:file_uncompress, Execution:3, Process error:0, Action:ACCEPT Module name:csrf_check, Execution:4, Process error:0, Action:ACCEPT Module name:mitb_check, Execution:4, Process error:0, Action:CACCEPT Module name:xml_validation, Execution:3, Process error:4, Action:ACCEPT Module name:json_protection, Execution:1, Process error:3, Action:ACCEPT Module name:signature_detection, Execution:4, Process error:7, Action:ACCEPT Module name:custom_access, Execution:4, Process error:6, Action:ACCEPT Module name:user_tracking, Execution:3, Process error:2, Action:ACCEPT Module name:url_rewriting, Execution:4, Process error:0, Action:ACCEPT Module name:file_compress, Execution:3, Process error:-1, Action:ACCEPT Module name:http_header_security, Execution:3, Process error:0, Action:ACCEPT Module name:client_cert_forword, Execution:3, Process error:3, Action:ACCEPT Module name:file_security, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:chunk_decode, Execution:3, Process error:4, Action:FOLLOWUP_FAILE Module name:file_uncompress, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:file_uncompress, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:csrf_check, Execution:3, Process error:7, Action:FOLLOWUP_FAILE Module name:mitb_check, Execution:4, Process error:0, Action:FOLLOWUP_FAILE Module name:xml_validation, Execution:3, Process error:6, Action:FOLLOWUP_FAILE Module name:json_protection, Execution:3, Process error:6, Action:FOLLOWUP_FAILE Module name:signature_detection, Execution:2, Process error:28, Action:ACCEPT Module name:custom_access, Execution:4, Process error:6, Action:ACCEPT Module name:user_tracking, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:url_rewriting, Execution:3, Process error:24, Action:FOLLOWUP_FAILE Module name:machine_learning, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:file_compress, Execution:3, Process error:-1, Action:FOLLOWUP_FAILE Module name:file_compress, Execution:3, Process error:0, Action:FOLLOWUP_FAILE Module name:machine_learning, Execution:2, Process error:2, Action:ACCEPT
Any idea on how we should interpret Execution #, Process error # and Action? Is this documented?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.