Sniffer Output -------------- Local-FortiGate # diag sniffer packet any 'tcp and port 443' 4 20 interfaces=[any] filters=[tcp and port 443] 12.753418 port3 in 10.0.1.10.61776 -> 204.79.197.203.443: syn 8753495 12.753477 port3 out 204.79.197.203.443 -> 10.0.1.10.61776: syn 838667326 ack 8753496 12.753805 port3 in 10.0.1.10.61776 -> 204.79.197.203.443: ack 838667327 12.753970 port3 in 10.0.1.10.61776 -> 204.79.197.203.443: psh 8753496 ack 838667327 12.753981 port3 out 204.79.197.203.443 -> 10.0.1.10.61776: ack 8753717 12.754033 port1 out 10.200.1.1.61776 -> 204.79.197.203.443: syn 2550438957 12.881450 port1 in 204.79.197.203.443 -> 10.200.1.1.61776: syn 377321860 ack 2550438958 12.881498 port1 out 10.200.1.1.61776 -> 204.79.197.203.443: ack 377321861 12.881643 port3 out 204.79.197.203.443 -> 10.0.1.10.61776: rst 838667327 ack 8753717 12.881704 port1 out 10.200.1.1.61776 -> 204.79.197.203.443: fin 2550438958 ack 377321861 12.881974 port1 in 204.79.197.203.443 -> 10.200.1.1.61776: ack 2550438959 12.882814 port3 in 10.0.1.10.61777 -> 204.79.197.203.443: syn 3202327731 12.882844 port3 out 204.79.197.203.443 -> 10.0.1.10.61777: syn 3554586831 ack 3202327732 12.883404 port3 in 10.0.1.10.61777 -> 204.79.197.203.443: ack 3554586832 12.883487 port1 out 10.200.1.1.61777 -> 204.79.197.203.443: syn 2478434432 12.883632 port3 in 10.0.1.10.61777 -> 204.79.197.203.443: psh 3202327732 ack 3554586832 12.883640 port3 out 204.79.197.203.443 -> 10.0.1.10.61777: ack 3202327953 13.008246 port1 in 204.79.197.203.443 -> 10.200.1.1.61776: rst 377321861 ack 2550438959 13.012221 port1 in 204.79.197.203.443 -> 10.200.1.1.61777: syn 656217655 ack 2478434433 13.012240 port1 out 10.200.1.1.61777 -> 204.79.197.203.443: ack 656217656 ========================================================================= Debug Application WAD --------------------- redirect 33 accepted 10.0.1.10:61416 -> 13.82.28.61:443 on 48 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce570ba0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa83168 sock=50 connecting 10.200.1.1:61416->13.82.28.61:443 redirect 33 accepted 10.0.1.10:61417 -> 204.79.197.203:443 on 52 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce572270 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa83398 sock=53 connecting 10.200.1.1:61417->204.79.197.203:443 redirect 33 accepted 10.0.1.10:61418 -> 204.79.197.203:443 on 54 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa835c8 sock=55 connecting 10.200.1.1:61418->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa83398 fd=53 connected 10.200.1.1:61417->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa83398 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa83280 socket=52 good=0 both ends closed. sock 52 close wad_tcp_port_proc_end(657): tcp 0x7f67daa83280 closed on sock 52 tcp=0x7f67daa83398 socket=53 good=0 both ends closed. sock 53 close wad_tcp_port_proc_end(657): tcp 0x7f67daa83398 closed on sock 53 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa835c8 fd=55 connected 10.200.1.1:61418->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa835c8 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa834b0 socket=54 good=0 both ends closed. sock 54 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 54 tcp=0x7f67daa835c8 socket=55 good=0 both ends closed. sock 55 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 55 redirect 33 accepted 10.0.1.10:61419 -> 204.79.197.203:443 on 52 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa834b0 sock=53 connecting 10.200.1.1:61419->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa83168 fd=50 connected 10.200.1.1:61416->13.82.28.61:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa83168 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa83050 socket=48 good=0 both ends closed. sock 48 close wad_tcp_port_proc_end(657): tcp 0x7f67daa83050 closed on sock 48 tcp=0x7f67daa83168 socket=50 good=0 both ends closed. sock 50 close wad_tcp_port_proc_end(657): tcp 0x7f67daa83168 closed on sock 50 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa834b0 fd=53 connected 10.200.1.1:61419->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa834b0 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa835c8 socket=52 good=0 both ends closed. sock 52 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 52 tcp=0x7f67daa834b0 socket=53 good=0 both ends closed. sock 53 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 53 redirect 33 accepted 10.0.1.10:61420 -> 204.79.197.203:443 on 48 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa835c8 sock=50 connecting 10.200.1.1:61420->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa835c8 fd=50 connected 10.200.1.1:61420->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa835c8 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa834b0 socket=48 good=0 both ends closed. sock 48 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 48 tcp=0x7f67daa835c8 socket=50 good=0 both ends closed. sock 50 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 50 redirect 33 accepted 10.0.1.10:61421 -> 204.79.197.203:443 on 48 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa834b0 sock=50 connecting 10.200.1.1:61421->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa834b0 fd=50 connected 10.200.1.1:61421->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa834b0 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa835c8 socket=48 good=0 both ends closed. sock 48 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 48 tcp=0x7f67daa834b0 socket=50 good=0 both ends closed. sock 50 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 50 redirect 33 accepted 10.0.1.10:61422 -> 204.79.197.203:443 on 48 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa835c8 sock=50 connecting 10.200.1.1:61422->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa835c8 fd=50 connected 10.200.1.1:61422->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa835c8 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa834b0 socket=48 good=0 both ends closed. sock 48 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 48 tcp=0x7f67daa835c8 socket=50 good=0 both ends closed. sock 50 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 50 redirect 33 accepted 10.0.1.10:61423 -> 204.79.197.203:443 on 48 wad_tcp_port_learn_session_config(585): vf_id=0 ses_ctx=0x7f67ce56fdf0 policy-id=1, split-id=0 sec_profile=0x7f67cce12ac8 app_type=1 dd_mode=0 av_idx=9 dd_method=0 tp-mode=1 web_cache=0 ssl_enabled=1 ssl_full=1 wanopt_ssl=0 ssl_exempt_check=1 wad_tcp_port_connect(1846): TCP port=0x7f67daa834b0 sock=50 connecting 10.200.1.1:61423->204.79.197.203:443 wad_tcp_port_on_connect(1660): TCP connection 0x7f67daa834b0 fd=50 connected 10.200.1.1:61423->204.79.197.203:443 wad_ssl_port_open(12830): making SSL port type=7 port=0x7f67daa834b0 wad_ssl_negotiate_make(3048): nego=0x7f67da92a050 wad_ssl_port_get_untrusted_ca(8035): failed to load untrusted ca, sec_profile = 0x7f67cce12ac8wad_ssl_port_close(12734): sp=0x7f67da940050/7 state=0, half=0 wad_ssl_negotiate_close(2970): nego=0x7f67da92a050 tcp=0x7f67daa835c8 socket=48 good=0 both ends closed. sock 48 close wad_tcp_port_proc_end(657): tcp 0x7f67daa835c8 closed on sock 48 tcp=0x7f67daa834b0 socket=50 good=0 both ends closed. sock 50 close wad_tcp_port_proc_end(657): tcp 0x7f67daa834b0 closed on sock 50