Fortigate Firewall Packet Flow - in depth for troubleshoot

  Views: 40,859

Tekguru4u

======================== Fortigate firewall packet flow ========================
Fortigate firewall architecture
CP8 & NP6
Hardware acceleration
dirty flag, may dirty flags
IPS
Life of a session
It is always “Life of a packet” when a vendor explains the packet flow of a firewall, but I don’t agree with that phrase because it can create a misunderstanding, which I will explain in this article. In my view the topic should be named “Life of a session”.
Why? To explain this, let's take a simple example of HTTPS traffic only.
When you type www.tekguru4u.com in the browser, it is not only a SYN packet that leaves your PC and gets inspected by the firewall; a lot of packets are exchanged before you see the web page. So how can it be "Life of a packet"? It could be "Life of packets", but that doesn't make sense either, because packets can also come from a request for another website.
1. DNS query.
2. Complete 3-way handshake.
3. Complete SSL handshake, and then
4. HTTP requests, where a lot of HTTP packets are exchanged.
5. If you change the application within the same website, the packets are checked for "change of application", as with a tunneled application.
You have seen how many packets are exchanged in one session, and every packet has a different packet flow.
1. The first packet of the session is the DNS packet, and it is treated differently from the other packets.
2. After that, the 3-way handshake starts.
3. The first packet of the 3-way handshake does not get offloaded; it has to travel through all the inspection modes.
4. The remaining packets of the 3-way handshake get offloaded.
5. Another important point: the complete 3-way handshake does not need to match Layer-7 inspection (UTM), because it works only up to L4. In the Fortigate logs, however, you can see the packet passing through Layer-7 inspection, which does not make sense; nothing is matched there.
6. Inspecting a packet at Layer 7 requires at least a small amount of data after the 3-way handshake, such as the HTTP GET request.

Comments: 74
@VipulChakraborty 4 months ago
What a great explanation of Packet Flow. Loved it. Thank you.
@JO-hp8nt 3 years ago
Bro! You just saved me a good deal of time as I've been pondering why my custom signatures were not working like how so many people described on the web. Well with your in-depth explanation, you made it so clear and gave me a vision and long story short, because the IPS doesn't kick in until after the session is added to the session table, other things could be blocking my packet before it hit the IPS. Which was the case. As soon as I create a policy and put it above all the others and pretty much made it wide open to test, bingo! I can't thank you enough for the work you did, this was wonderful.
@SantoshSharma 2 years ago
spread the words🤗
@nasirabbas2786 3 years ago
Thanks sir, I was trying to understand fortigate packet flow from fortigate page itself but didn't understand. Your way of explanation is easy to understand, super explanation. Again thanks sir!
@robertron5303 3 years ago
Much appreciated, greetings from Vienna
@hariprasad-uw2yn 2 years ago
Brother, I always like your video. No one should dislike it as far as networking is concerned.
@patricksigrist4831 1 year ago
Great video. The main reason, why routing has to be done before the FW policy is, that the routing determines the involved interfaces, especially the egress interface which is key to determine the matching policy as we have the incoming (ingress) and outgoing (egress) interfaces, which are mandatory elements for a FW policy. This shows, that routing is key, also in terms of firewall policies. It's a good rule of thumb: "Always check the routing first" when dealing with weird firewall behaviors.
@SantoshSharma 1 year ago
perfect subscribe and share to support this channel
@govindjadhav5273 3 years ago
Superb bro..well done. much helpful.
@GauravSingh-ru4fl 4 years ago
Wonderful Bro !!
@shivanarayana4976 1 year ago
Very nice explanation sir, sharing good knowledge
@kirubakaran9357 3 years ago
Sir, it's my feedback: really cool and crystal clear session for upcoming TAC engineer of fortigate, also the information that you gathered shows the effort of you. Thanks a lot sir...
@JO-hp8nt 3 years ago
I could not have said it any better myself.
@RohitPandey-ig7ht 3 years ago
Great content!!
@ManojKumar-lr3ky 4 years ago
Wonderful bro, it's really very informative, need more troubleshooting videos ...
@learnenglishvocabulary550 4 years ago
Greeting, Technical_Scoop. extremely picturesque video. thanks. :)
@samiyaanjum5145 3 years ago
Awesome brother, great explanation, can you make another showing differences between application,dns and web filter. Explaining in detail when to use which filter. Can you explain how SDWAN rules can impact the SNAT selection in policy
@swapnillande4427 2 years ago
Very helpful 👍, thank you.
@stalinkoilraj9820 3 years ago
good bro ! policy will be the first counter for all the traffic before it moves to NAT and Security
@motorbazar8358 2 years ago
Slow path process :- 1>DNAT , 2> Routing , 3> Policy , 4>SNAT .... 2nd Question answers :- if there will be no routing in that case.. no use of policy lookup .. so by doing routing lookup we are not much consuming CPU Utilization of firewall ... Thank u so much for explaining it :)
@urdhffkt 2 years ago
Thank you sir, this video is very helpful
@anurag3v4 3 years ago
Good explanation
@safwatramadan7640 8 months ago
Very helpful thanks 👏
@beatsizedj 3 years ago
You king sir! Thank you very much for this Video. If you would have had a good Microphone I would rate this Video 11/10!
@MsAruntiwari 5 months ago
Great explanation. Thanks for this knowledge.
@arian7472 4 years ago
excellent
@vivekprajapati7911 4 years ago
sir thanks ...
@mahendrazanje6242 2 years ago
Awesome
@AbhijitDas-lw9mh 5 months ago
Fantastic explanation. Could you please share the traffic flow diagram which you explain here.
@sridhark2547 3 years ago
Thank you
@prabhakarshandilya6082 2 years ago
Really nice
@SantoshSharma 2 years ago
Thanks, spread the words 🙏🏻🤗
@saidsalehi4719 2 years ago
The route is before Policy because after Routing, specify the Policy, based on the outgoing interface
@venkatreddy4345 1 year ago
In the slow path it checks the DNAT, Routing , Policy Lookup, SNAT
@kirubakaran9357 3 years ago
25:10 What is slow path checking process? 1 DNAT 2. ROUTING 3 POLICY 4 SNAT
@sherkn 4 years ago
Your explanation was very deep, awesome video. I have a question for you, if I have a specific firewall rule at the end, saying "Deny any any", and prior that rule executes I have some other app rule (let's say office365 for example) the Application Control will not be able to detect the application because of the "deny" rule, it will not be able to complete the 3-way handshake, therefore there is no flow to catch? I'm right?
@SantoshSharma 4 years ago
Cristian Silva u r right, so it's always recommended that deny deny at last and then all permit on above, and if u create rule for app with allow, like allow youtube, then it will do 3 way from that rule
@amitkumarsingh2176 4 months ago
JAI SHREE RAM🙏
@johnbruurmijn9178 1 year ago
Love the video! Would it be possible to share the flow chart you made? Want to use it as my background, to have a quick peek when needed.
@SantoshSharma 1 year ago
Thanks John, I lost it myself. My website was expired and was no plan to extend due to high cost, but renewed website, unfortunately lost images.
@beatsizedj 3 years ago
Just a question. You said that every packet gets handled first by the CPU. But not in the case of DDoS, right? Then the SP would block it before passing the traffic to the CPU? Or other related IPS things?
@SantoshSharma 3 years ago
superb
@prashantakarmakar3111 4 years ago
Hello Sir. Thank you for the content. But I have one question. Where is the DNAT happening for Fast Path?
@SantoshSharma 4 years ago
slow path
@indiankid 9 months ago
You gained a subscriber, thanks for awesome content
@yogeshwartripathi9018 2 years ago
could you please focus on fast path steps in deep?
@ghanshyamtrilok7062 1 year ago
how can i enroll for other videos
@vaibhavcavutur8839 1 year ago
where does urpf happen in packet flow ?
@Shubhontube 1 year ago
Hi, which command should I run to check this flow of packets on my device?
@SantoshSharma 1 year ago
diag debug check my another video on this
@rosatechnocrat2206 1 year ago
diag debug flow show iprope enable
diagnose debug flow show function-name enable
diag debug flow trace start 1000
diag debug enable
You can also filter for specific IP address flow by using - diag debug flow filter
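Added example (not from the video or any commenter): trace output from the commands in the comment above can be grouped per packet to check what the description and the slow-path comments state, namely that the first packet of a session allocates a session and walks DNAT, routing and policy, while later packets only match the existing session. The sample lines are constructed in the general shape of FortiOS debug flow output; function names, line numbers and message wording are assumptions and vary between FortiOS versions.

```python
import re

# Constructed sample in the general shape of "diag debug flow" output; function
# names, line numbers and message wording are assumptions and vary by FortiOS version.
SAMPLE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5588 msg="vd-root:0 received a packet(proto=6, 198.51.100.7:40000->203.0.113.10:443) from wan1. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=1 func=init_ip_session_common line=5760 msg="allocate a new session-0000a1b2"
id=20085 trace_id=1 func=__ip_session_run_tuple line=3440 msg="DNAT 203.0.113.10:443->10.0.0.5:443"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-10.0.0.5 via lan"
id=20085 trace_id=1 func=fw_forward_handler line=771 msg="Allowed by Policy-5:"
id=20085 trace_id=2 func=print_pkt_detail line=5588 msg="vd-root:0 received a packet(proto=6, 198.51.100.7:40000->203.0.113.10:443) from wan1. flag [.], seq 2, ack 1, win 64240"
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5669 msg="Find an existing session, id-0000a1b2, original direction"
id=20085 trace_id=3 func=init_ip_session_common line=5760 msg="allocate a new session-0000a1b3"
id=20085 trace_id=3 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-10.0.0.9 via lan"
id=20085 trace_id=3 func=fw_forward_handler line=614 msg="Denied by forward policy check (policy 0)"
"""

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
STAGES = {"new-session": r"allocate a new session", "existing-session": r"Find an existing session",
          "dnat": r"^DNAT ", "route": r"find a route", "snat": r"^SNAT ",
          "policy": r"Allowed by Policy-\d+|Denied by forward policy check"}
SLOW_PATH_ORDER = ["dnat", "route", "policy", "snat"]  # order given in the comments

def summarize(text):
    """Group trace lines per packet (trace_id) and label how each packet was handled."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip anything that is not a debug flow line
        tid, msg = int(m.group(1)), m.group(2)
        info = traces.setdefault(tid, {"stages": [], "verdict": "n/a"})
        info["stages"] += [name for name, pat in STAGES.items() if re.search(pat, msg)]
        if "Allowed by Policy" in msg:
            info["verdict"] = "allow"
        elif "Denied by" in msg or "drop" in msg:  # policy deny or any drop message
            info["verdict"] = "deny"
    for info in traces.values():
        s = info["stages"]
        info["path"] = "slow" if "new-session" in s else "existing" if "existing-session" in s else "unknown"
        seen = [SLOW_PATH_ORDER.index(x) for x in s if x in SLOW_PATH_ORDER]
        info["order_ok"] = seen == sorted(seen)  # stages appeared in the stated order
    return traces

if __name__ == "__main__":
    for tid, info in summarize(SAMPLE).items():
        print(tid, info["path"], info["verdict"], "->".join(info["stages"]))
```

A packet whose verdict stays "n/a" matched an existing session and was never evaluated against policy, so when troubleshooting a new rule the trace to read is the one that allocates the session.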
@FranciscoSilva-kj8zt 11 months ago
Hey, great video. It's possible to share the powerpoint or the images of this presentation. If i try to reach the source image, i got http 404. Thanks in advance.
@ravikumarsinge5887 2 years ago
Hello, do you have full Fortigate videos, if not here then on another platform? Please let me know
@SantoshSharma 2 years ago
Sorry bro, no videos for now, but planning to make in near future
@gopalsrinivasa6267 3 years ago
If Destination NAT is verified before security policy check then why in WAN to LAN security policy, under Destination Address Public IP is given. why cant we directly give Private IP address. My doubt is not only for Fortigate but also for other firewalls like Sonicwall & Paloalto also.
@SantoshSharma 3 years ago
Destination IP In fortigate is VIP. virtual IP. so in Fortigate its very easy. no confusion at all. packet flow helps you to tell which is happening when.
@gopalsrinivasa6267 3 years ago
@@SantoshSharma Hi thanks for your reply, Can you explain packet flow for Sonicwall.
@paulvarges3323 3 years ago
hello, do you share that power point doc?
@SantoshSharma 3 years ago
Go to my website to see this packet flow in image
@monu836 4 years ago
Are you teaching over the Skype or zoom
@SantoshSharma 4 years ago
Monu Gothwal What happened? I didn't understand the question, if u want training, please contact me on email info@tekguru4u.com
@ameeransar5297 8 months ago
Pls share the flow chart
@Mehsud2023 11 months ago
sir please upload the flow chart in HD Format
@lokeshreddysura6836 1 year ago
IPS LOGS, APP LOGS, WEBFILTER Logs are not visible kindly Share the screenshot.
@hariprasad-uw2yn 2 years ago
one dislike may be a child when his father watching the video the child could have click it.
@SantoshSharma 2 years ago
🤩🤩
@kirubakaran9357 3 years ago
25:11 Question: Why routing before policy? Ans: Because in a firewall it has lot of policies, it means utilize cpu n latency, so it will check first routing its ec and also it's correct path
@toptalkers7980 3 years ago
On the basis of routing firewall determine the egress interface and then the policy lookup is done for that flow. Without the egress information policy check won't take place
@SantoshSharma 3 years ago
@@toptalkers7980 i would say awesome answer
@toptalkers7980 3 years ago
@@SantoshSharma thank you sir
@FRITTY12348546 1 year ago
pls activate windows