Problem with FortiGuard
Posted: 25 Oct 2011, 17:09
Hi everyone, I have a problem with the resolution of the FortiGuard services.
I apply some web filtering rules, but they don't work properly. Here are the tests I've run:
*Changed source ports:
#config sys global
#set ip-src-port-range 1035-25000
#end
*DNS servers tried:
8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
4.2.2.2
4.2.2.1
80.58.0.33
80.58.61.250
80.58.61.254
194.179.1.100
194.179.1.101
217.76.128.4
And a few more....
*Ping works! But it does not resolve, as you will see further down in the debug:
#execute ping service.fortiguard.net
PING guard.fortinet.net (208.91.112.198): 56 data bytes
64 bytes from 208.91.112.198: icmp_seq=0 ttl=40 time=256.3 ms
64 bytes from 208.91.112.198: icmp_seq=1 ttl=40 time=249.6 ms
64 bytes from 208.91.112.198: icmp_seq=2 ttl=40 time=240.8 ms
64 bytes from 208.91.112.198: icmp_seq=3 ttl=40 time=241.6 ms
64 bytes from 208.91.112.198: icmp_seq=4 ttl=40 time=241.8 ms
--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 240.8/246.0/256.3 ms
*The time zone and NTP are correct
*The servers and the license I have do not show up with this command, but the dashboard does show that I am licensed, registered and within the validity date:
#diagnose debug rating
Locale : english
License : Unknown
Expiration : N/A
Hostname : service.fortiguard.net
-=- Server List (Tue Oct 25 16:39:03 2011) -=-
IP Weight RTT Flags TZ Packets Curr Lost Total Lost
None
*Another command:
#get system fortiguard
hostname : service.fortiguard.net
srv-ovrd : disable
port : 8888
client-override-status: disable
service-account-id : (null)
load-balance-servers: 1
analysis-service : enable
antispam-force-off : disable
antispam-cache : disable
antispam-cache-ttl : 1800
antispam-cache-mpercent: 2
antispam-license : Unknown
antispam-expiration : N/A
antispam-timeout : 7
avquery-force-off : disable
avquery-cache : enable
avquery-cache-ttl : 1800
avquery-cache-mpercent: 2
avquery-license : Unknown
avquery-expiration : N/A
avquery-timeout : 7
webfilter-force-off : disable
webfilter-cache : disable
webfilter-cache-ttl : 3600
webfilter-license : Unknown
webfilter-expiration: N/A
webfilter-timeout : 15
antispam-score-threshold: 80
*Changed the default port from 53 to 8888 and disabled the webfilter & antispam cache:
#show system fortiguard
config system fortiguard
set port 8888
set antispam-cache disable
set webfilter-cache disable
end
*Debug of the FortiGuard services:
# diagnose debug enable
# diagnose debug application urlfilter 1
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.11 sport=1153 dst=74.125.127.120 dport=80 service="http" hostname="csi.gstatic.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/csi?v=2&s=youtube&action=results&e=900034,901027,916201&li=0&addomain=ad-emea.doubleclick.net&rt=resultscss.16,resultsjs.181,ct.181,tn1.512,tn_c4.627,tn5.545,tn10.561,tn20.627,ol.1420,aft.1420"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1123 dst=99.192.248.7 dport=80 service="http" hostname="www.elcomercio.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/rss/titulares.xml"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1125 dst=50.56.5.48 dport=80 service="http" hostname="www.el-nacional.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/www/site/rss.php?q=todo/1"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.70 sport=2438 dst=209.85.229.104 dport=80 service="http" hostname="www.google.es" status=passthrough error="failed to resolve FortiGuard hostname" url="/url?sa=t&rct=j&q=por ley en empresa privada cuanto se puede reducir sueldo&source=web&cd=1&ved=0CCUQFjAA&url=http://www.elblogsalmon.com/economia-domestica/pueden-las-empresas-bajar-el-sueldo-a-sus-trabajadores&ei=hsimTvjdIYzG8QPFtvTJDw&usg=AFQjCNGjxs24Io-gC9tmrny_6dPCLetJkQ"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1125 dst=50.56.5.48 dport=80 service="http" hostname="www.el-nacional.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.70 sport=2448 dst=94.127.72.120 dport=80 service="http" hostname="www.elblogsalmon.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/economia-domestica/pueden-las-empresas-bajar-el-sueldo-a-sus-trabajadores"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.70 sport=2458 dst=209.85.229.147 dport=80 service="http" hostname="api.recaptcha.net" status=passthrough error="failed to resolve FortiGuard hostname" url="/challenge?k=6LcGowEAAAAAACNOcDHUu0PyDxoWvL2lYIJXGPUo"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1129 dst=65.54.89.39 dport=80 service="http" hostname="edge3.catalog.video.msn.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/videoByMarket.aspx?mk=es-us&sf=ActiveStartDate&vs=0&sd=-1&ind=&ps=&rct=&ff=8a&responseEncoding=rss&title=MSN Video: Principal"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1131 dst=200.41.9.39 dport=80 service="http" hostname="www.eltiempo.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/colombia/rss.xml"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.70 sport=2460 dst=157.55.231.252 dport=443 service="https" hostname="urs.microsoft.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/"
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
You can see that it tries to resolve service.fortiguard.net but cannot, which is why it lets the web page through, since I have it configured to allow access if an error occurs.
Does anyone know what might be going on? o_O
Thanks in advance!
Raul.
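Added example, not part of the original post: a Python sketch that parses `diagnose debug application urlfilter` output in the format shown above and counts how many requests were allowed without a rating while the FortiGuard lookup was failing. The sample lines are constructed, and the names `parse_line` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# key=value or key="quoted value" pairs, as printed by the urlfilter debug.
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines in the format of the debug output above.
SAMPLE = """\
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1123 dst=203.0.113.7 dport=80 service="http" hostname="news.example.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/rss.xml"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.70 sport=2438 dst=203.0.113.9 dport=80 service="http" hostname="search.example.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/url?sa=t&q=some words&cd=1"
msg="Policy allows URLs when a rating error occurs" user="N/A" src=192.168.2.235 sport=1125 dst=203.0.113.7 dport=80 service="http" hostname="news.example.com" status=passthrough error="failed to resolve FortiGuard hostname" url="/"
id=12552 vd="root" hostname="service.fortiguard.net" error="unable to resolve hostname" msg="gethostbyname() failed."
"""


def parse_line(line):
    """Return the key/value fields of one debug line as a dict."""
    return {k: q if u == "" else u for k, q, u in PAIR.findall(line)}


def summarize(text):
    """Count rating-service failures and requests allowed without a rating."""
    lookup_failures = 0
    unrated_by_src = Counter()
    unrated_hosts = set()
    for line in text.splitlines():
        f = parse_line(line)
        if "error" not in f:
            continue
        if f.get("status") == "passthrough":
            # Request was allowed although no category could be obtained.
            unrated_by_src[f.get("src", "?")] += 1
            unrated_hosts.add(f.get("hostname", "?"))
        elif "src" not in f:
            # Daemon-level error: the rating service itself was unreachable.
            lookup_failures += 1
    return {
        "lookup_failures": lookup_failures,
        "unrated_requests": sum(unrated_by_src.values()),
        "unrated_by_src": dict(unrated_by_src),
        "unrated_hosts": sorted(unrated_hosts),
        "failing_open": bool(unrated_by_src),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero `unrated_requests` count means the web filter policy is not being enforced for those clients for as long as the lookup errors continue.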