I can not get my head wrapped around this one.
Our branch office it trying to connect to our mailsever (untrust to dmz) using SMTP.
I can see a few packets going throu, but suddenly the dbuf says session not found ????
Reading the packet flow is kinda new to me, and this time I just dont get.
Can anyone explain this dbuf stream to me please :
(the last 2 'entries' show 'dropped packet' but the entries before seem similar and do get through.
(I suspect the 'session not found' is the culprit. but why is it not found anymore ?)
beovpfw1-> get dbuf stream
****** 591236.0: <Untrust/ethernet0/2> packet received [48]******
ipid = 16735(415f), @0d665914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/2:125.88.18.50/1712->81.246.110.67/25,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/2>, out <N/A>
chose interface ethernet0/2 as incoming nat if.
flow_first_routing: in <ethernet0/2>, out <N/A>
search route to (ethernet0/2, 125.88.18.50->81.246.110.67) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 11 for 81.246.110.67
[ Dest] 11.route 81.246.110.67->81.246.110.67, to ethernet0/9
routed (x_dst_ip 81.246.110.67) from ethernet0/2 (ethernet0/2 in 0) to ethernet0/9
policy search from zone 1-> zone 3
policy_flow_search policy search nat_crt from zone 1-> zone 3
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 81.246.110.67, port 25, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 175/3/0x9
Permitted by policy 175
No src xlate choose interface ethernet0/9 as outgoing phy if
no loop on ifp ethernet0/9.
session application type 7, name SMTP, nas_id 0, timeout 1800sec
ALG vector is not attached
service lookup identified service 0.
flow_first_final_check: in <ethernet0/2>, out <ethernet0/9>
existing vector list 3-67866e4.
Session (id:47478) created for first pak 3
flow_first_install_session======>
route to 81.246.110.67
cached arp entry with MAC 005056a522a2 for 81.246.110.67
arp entry found for 81.246.110.67
ifp2 ethernet0/9, out_ifp ethernet0/9, flag 00800800, tunnel ffffffff, rc 1
outgoing wing prepared, ready
handle cleartext reverse route
search route to (ethernet0/9, 81.246.110.67->125.88.18.50) in vr trust-vr for vsd-0/flag-3000/ifp-ethernet0/2
cached route 0 for 125.88.18.50
add route 13 for 125.88.18.50 to route cache table
[ Dest] 13.route 125.88.18.50->81.246.123.177, to ethernet0/2
route to 81.246.123.177
cached arp entry with MAC 000000000000 for 81.246.123.177
add arp entry with MAC 001a6d642f26 for 81.246.123.177 to cache table
arp entry found for 81.246.123.177
ifp2 ethernet0/2, out_ifp ethernet0/2, flag 00800801, tunnel ffffffff, rc 1
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/2 out ifp ethernet0/9
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn, 125.88.18.50(1712)->81.246.110.67(25), nspflag 0x801801, 0x800800
post addr xlation: 125.88.18.50->81.246.110.67.
send packet to traffic shaping queue.
flow_ip_send: 415f:125.88.18.50->81.246.110.67,6 => ethernet0/9(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/9 (62)
****** 591236.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d6ac914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
existing session found. sess token 13
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/9 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn_ack, 81.246.110.67(25)->125.88.18.50(1712), nspflag 0x801800, 0x801801
post addr xlation: 81.246.110.67->125.88.18.50.
send packet to traffic shaping queue.
flow_ip_send: 0000:81.246.110.67->125.88.18.50,6 => ethernet0/2(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/2 (62)
****** 591239.0: <Untrust/ethernet0/2> packet received [48]******
ipid = 20282(4f3a), @0d60a914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/2:125.88.18.50/1712->81.246.110.67/25,6<Root>
existing session found. sess token 4
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/2 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn, 125.88.18.50(1712)->81.246.110.67(25), nspflag 0x801801, 0x801800
post addr xlation: 125.88.18.50->81.246.110.67.
send packet to traffic shaping queue.
flow_ip_send: 4f3a:125.88.18.50->81.246.110.67,6 => ethernet0/9(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/9 (62)
****** 591239.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d637914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
existing session found. sess token 13
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/9 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn_ack, 81.246.110.67(25)->125.88.18.50(1712), nspflag 0x801800, 0x801801
post addr xlation: 81.246.110.67->125.88.18.50.
send packet to traffic shaping queue.
flow_ip_send: 0000:81.246.110.67->125.88.18.50,6 => ethernet0/2(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/2 (62)
****** 591239.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d6a0114
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
existing session found. sess token 13
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/9 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn_ack, 81.246.110.67(25)->125.88.18.50(1712), nspflag 0x801800, 0x801801
post addr xlation: 81.246.110.67->125.88.18.50.
send packet to traffic shaping queue.
****** 591245.0: <Untrust/ethernet0/2> packet received [48]******
ipid = 25444(6364), @0d615914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/2:125.88.18.50/1712->81.246.110.67/25,6<Root>
existing session found. sess token 4
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/2 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn, 125.88.18.50(1712)->81.246.110.67(25), nspflag 0x801801, 0x801800
post addr xlation: 125.88.18.50->81.246.110.67.
send packet to traffic shaping queue.
****** 591245.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d6ff914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
existing session found. sess token 13
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/9 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn_ack, 81.246.110.67(25)->125.88.18.50(1712), nspflag 0x801800, 0x801801
post addr xlation: 81.246.110.67->125.88.18.50.
send packet to traffic shaping queue.
****** 591246.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d64e914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
existing session found. sess token 13
flow got session.
flow session id 47478
flow_main_body_vector in ifp ethernet0/9 out ifp N/A
flow vector index 0x3, vector addr 0x20769b8, orig vector 0x20769b8
adjust tcp mss.
Got syn_ack, 81.246.110.67(25)->125.88.18.50(1712), nspflag 0x801800, 0x801801
post addr xlation: 81.246.110.67->125.88.18.50.
send packet to traffic shaping queue.
flow_ip_send: 0000:81.246.110.67->125.88.18.50,6 => ethernet0/2(48) flag 0x20000, vlan 0
pak has mac
Send to ethernet0/2 (62)
****** 591259.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d6f2914
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1712,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/9>, out <N/A>
chose interface ethernet0/9 as incoming nat if.
flow_first_routing: in <ethernet0/9>, out <N/A>
search route to (ethernet0/9, 81.246.110.67->125.88.18.50) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 0 for 125.88.18.50
add route 13 for 125.88.18.50 to route cache table
[ Dest] 13.route 125.88.18.50->81.246.123.177, to ethernet0/2
routed (x_dst_ip 125.88.18.50) from ethernet0/9 (ethernet0/9 in 0) to ethernet0/2
policy search from zone 3-> zone 1
policy_flow_search policy search nat_crt from zone 3-> zone 1
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 125.88.18.50, port 1712, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 320000/-1/0x0
Searching global policy.
swrs_search_ip: policy matched id/idx/action = 320000/-1/0x0
policy id (320000)
packet dropped, denied by policy
Policy id deny policy, ipv6 0, flow_potential_violation 0
****** 591264.0: <DMZ/ethernet0/9> packet received [48]******
ipid = 0(0000), @0d655114
packet passed sanity check.
flow_decap_vector IPv4 process
ethernet0/9:81.246.110.67/25->125.88.18.50/1232,6<Root>
no session found
flow_first_sanity_check: in <ethernet0/9>, out <N/A>
chose interface ethernet0/9 as incoming nat if.
flow_first_routing: in <ethernet0/9>, out <N/A>
search route to (ethernet0/9, 81.246.110.67->125.88.18.50) in vr trust-vr for vsd-0/flag-0/ifp-null
cached route 13 for 125.88.18.50
[ Dest] 13.route 125.88.18.50->81.246.123.177, to ethernet0/2
routed (x_dst_ip 125.88.18.50) from ethernet0/9 (ethernet0/9 in 0) to ethernet0/2
policy search from zone 3-> zone 1
policy_flow_search policy search nat_crt from zone 3-> zone 1
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip 125.88.18.50, port 1232, proto 6)
No SW RPC rule match, search HW rule
swrs_search_ip: policy matched id/idx/action = 320000/-1/0x0
Searching global policy.
swrs_search_ip: policy matched id/idx/action = 320000/-1/0x0
policy id (320000)
packet dropped, denied by policy
Policy id deny policy, ipv6 0, flow_potential_violation 0
beovpfw1->