■Checking how the update is performed, using the FortiGate-80C GUI operation debug log.
Model name: FortiGate-80C
Version: FortiGate-80C v5.2.2,build0642,150106 (GA)
Release Version Information: GA
■The WAN-side configuration is as follows.
config system interface
edit "wan1" <---
set vdom "root"
set ip 192.168.1.252 255.255.255.248
set allowaccess ping fgfm auto-ipsec
set type physical
set snmp-index 1
next
end
config firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1" <---
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set av-profile "default"
set webfilter-profile "default"
set application-list "default"
set profile-protocol-options "default"
set ssl-ssh-profile "certificate-inspection"
set nat enable
next
end
config router static
edit 1
set gateway 192.168.1.254
set device "wan1" <---
next
end
■Debugging GUI operations from the console
■From System > Config > FortiGuard.
> AV & IPS Download Options
> [Run]
0: end
> Web Filtering and Email Filtering Options
> Port Selection
> Use Default Port (53)
[Test Availability] -> [OK]
0: end
■Since the resulting command is the same, the two operations appear to be essentially the same thing.
$ sudo tail -f /var/log/Fortigate-80C.log | \
sed -e 's/\(FGT80C\)[0-9]*/\1Serial/g' \
-e 's/ [a-z]*i[dp]=/\n&/g' \
-e 's/ service=\|duration=/\n&/g' \
-e 's/ module=\| logdesc=\| msg=\|,/\n&/g'
Jun 10 00:26:52 172.31.31.252 date=2015-06-10 time=00:26:52 devname=FGT8
devid=FGT80CSerial
logid=0100032102 type=event subtype=system level=information vd="root"
logdesc="A user has changed the configuration for a specific sub-module via GUI" user="admin" ui=GUI(172.31.31.254)
module=system submodule=update
msg="User admin made a change via GUI(172.31.31.254): System update setting has been changed"
Jun 10 00:28:24 172.31.31.252 date=2015-06-10 time=00:28:24 devname=FGT8
devid=FGT80CSerial
logid=0100032102 type=event subtype=system level=information vd="root"
logdesc="A user has changed the configuration for a specific sub-module via GUI" user="admin" ui=GUI(172.31.31.254)
module=system submodule=update
msg="User admin made a change via GUI(172.31.31.254): System update setting has been changed"
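The sed pipeline above only reflows the key=value pairs for reading. The following is an added example (not code from the original post) that parses the same FortiOS event-log format properly, quoted values included, and picks out update-setting changes made through the GUI together with the admin user and source address; the sample lines are constructed from the two events shown above (devname value and the third, console-originated line are made up).

```python
import re
from typing import Dict, List

# FortiOS key=value tokenizer: a value is either double-quoted (may contain
# spaces and parentheses) or a bare run of non-space characters.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample: the two GUI events shown above joined back onto one line
# each (serial placeholder as in the sed script, devname made up), plus one
# constructed console-originated event to show the filter ignoring it.
SAMPLE_LOG = """\
date=2015-06-10 time=00:26:52 devname=FGT80C-example devid=FGT80CSerial logid=0100032102 type=event subtype=system level=information vd="root" logdesc="A user has changed the configuration for a specific sub-module via GUI" user="admin" ui=GUI(172.31.31.254) module=system submodule=update msg="User admin made a change via GUI(172.31.31.254): System update setting has been changed"
date=2015-06-10 time=00:28:24 devname=FGT80C-example devid=FGT80CSerial logid=0100032102 type=event subtype=system level=information vd="root" logdesc="A user has changed the configuration for a specific sub-module via GUI" user="admin" ui=GUI(172.31.31.254) module=system submodule=update msg="User admin made a change via GUI(172.31.31.254): System update setting has been changed"
date=2015-06-10 time=00:30:00 devname=FGT80C-example devid=FGT80CSerial logid=0100032102 type=event subtype=system level=information vd="root" logdesc="A user has changed the configuration for a specific sub-module via console" user="admin" ui=console module=system submodule=update msg="User admin made a change via console: System update setting has been changed"
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one FortiOS log line into a dict; quoted values lose their quotes."""
    fields: Dict[str, str] = {}
    for key, raw, quoted in KV_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def gui_update_changes(log_text: str) -> List[Dict[str, str]]:
    """Return update-setting changes made via the GUI: when, by whom, from where."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        ui = ev.get("ui", "")
        if ev.get("submodule") != "update" or not ui.startswith("GUI("):
            continue  # other sub-modules, or CLI/console changes, are not of interest here
        hits.append({
            "when": f'{ev.get("date", "?")} {ev.get("time", "?")}',
            "user": ev.get("user", "?"),
            "from": ui[len("GUI("):-1],  # admin's source address inside GUI(...)
            "msg": ev.get("msg", ""),
        })
    return hits


if __name__ == "__main__":
    for h in gui_update_changes(SAMPLE_LOG):
        print(f'{h["when"]} {h["user"]}@{h["from"]}: {h["msg"]}')
```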
■Let's try a packet capture.
interfaces=[wan1]
filters=[net 208.91.112.0 mask 255.255.255.0]
0: config system autoupdate schedule
0: end
60.971829 192.168.1.252.1154 -> 208.91.112.80.443: syn 382486821
61.087707 208.91.112.80.443 -> 192.168.1.252.1154: syn 378329634 ack 382486822
61.087779 192.168.1.252.1154 -> 208.91.112.80.443: ack 378329635
...
■With the AV & IPS Download Options, traffic on 443/TCP (https) and 53/UDP is generated.
$ cat packet1 | awk '{print $2,$3$4,$5}' | sort -u
192.168.1.252.1154 ->208.91.112.80.443: 382487028
192.168.1.252.1154 ->208.91.112.80.443: ack
192.168.1.252.1154 ->208.91.112.80.443: fin
192.168.1.252.1154 ->208.91.112.80.443: psh
192.168.1.252.1154 ->208.91.112.80.443: syn
192.168.1.252.64633 ->208.91.112.52.53: udp
192.168.1.252.64633 ->208.91.112.53.53: udp
208.91.112.52.53 ->192.168.1.252.64633: udp
208.91.112.53.53 ->192.168.1.252.64633: udp
208.91.112.80.443 ->192.168.1.252.1154: 378329635
208.91.112.80.443 ->192.168.1.252.1154: ack
208.91.112.80.443 ->192.168.1.252.1154: psh
208.91.112.80.443 ->192.168.1.252.1154: rst
208.91.112.80.443 ->192.168.1.252.1154: syn
■With the Web Filtering and Email Filtering Options, traffic on 8888/udp, 53/udp and 80/tcp is generated.
Is it a time lag, I wonder...
$ cat packet2 | awk '{print $2,$3$4,$5}' | sort -u
192.168.1.252.1025 ->208.91.112.196.53: udp
192.168.1.252.1025 ->208.91.112.196.8888: udp
192.168.1.252.1025 ->208.91.112.198.53: udp
192.168.1.252.1025 ->208.91.112.198.8888: udp
192.168.1.252.1156 ->208.91.112.198.80: ack
192.168.1.252.1156 ->208.91.112.198.80: psh
192.168.1.252.1156 ->208.91.112.198.80: syn
192.168.1.252.1157 ->208.91.112.196.80: ack
192.168.1.252.1157 ->208.91.112.196.80: psh
192.168.1.252.1157 ->208.91.112.196.80: syn
192.168.1.252.1158 ->208.91.112.198.80: ack
192.168.1.252.1158 ->208.91.112.198.80: psh
192.168.1.252.1158 ->208.91.112.198.80: syn
192.168.1.252.1159 ->208.91.112.196.80: ack
192.168.1.252.1159 ->208.91.112.196.80: psh
192.168.1.252.1159 ->208.91.112.196.80: syn
192.168.1.252.1160 ->208.91.112.198.80: ack
192.168.1.252.1160 ->208.91.112.198.80: psh
192.168.1.252.1160 ->208.91.112.198.80: syn
192.168.1.252.1161 ->208.91.112.196.80: ack
192.168.1.252.1161 ->208.91.112.196.80: psh
192.168.1.252.1161 ->208.91.112.196.80: syn
192.168.1.252.1162 ->208.91.112.198.80: ack
192.168.1.252.1162 ->208.91.112.198.80: syn
192.168.1.252.1163 ->208.91.112.196.80: ack
192.168.1.252.1163 ->208.91.112.196.80: psh
192.168.1.252.1163 ->208.91.112.196.80: syn
192.168.1.252.1164 ->208.91.112.198.80: ack
192.168.1.252.1164 ->208.91.112.198.80: syn
192.168.1.252.1165 ->208.91.112.196.80: ack
192.168.1.252.1165 ->208.91.112.196.80: psh
192.168.1.252.1165 ->208.91.112.196.80: syn
192.168.1.252.1166 ->208.91.112.198.80: ack
192.168.1.252.1166 ->208.91.112.198.80: psh
192.168.1.252.1166 ->208.91.112.198.80: syn
192.168.1.252.1167 ->208.91.112.196.80: ack
192.168.1.252.1167 ->208.91.112.196.80: psh
192.168.1.252.1167 ->208.91.112.196.80: syn
192.168.1.252.64633 ->208.91.112.52.53: udp
192.168.1.252.64633 ->208.91.112.53.53: udp
208.91.112.196.53 ->192.168.1.252.1025: udp
208.91.112.196.80 ->192.168.1.252.1157: ack
208.91.112.196.80 ->192.168.1.252.1157: psh
208.91.112.196.80 ->192.168.1.252.1157: rst
208.91.112.196.80 ->192.168.1.252.1157: syn
208.91.112.196.80 ->192.168.1.252.1159: ack
208.91.112.196.80 ->192.168.1.252.1159: psh
208.91.112.196.80 ->192.168.1.252.1159: rst
208.91.112.196.80 ->192.168.1.252.1159: syn
208.91.112.196.80 ->192.168.1.252.1161: psh
208.91.112.196.80 ->192.168.1.252.1161: rst
208.91.112.196.80 ->192.168.1.252.1161: syn
208.91.112.196.80 ->192.168.1.252.1163: psh
208.91.112.196.80 ->192.168.1.252.1163: rst
208.91.112.196.80 ->192.168.1.252.1163: syn
208.91.112.196.80 ->192.168.1.252.1165: psh
208.91.112.196.80 ->192.168.1.252.1165: rst
208.91.112.196.80 ->192.168.1.252.1165: syn
208.91.112.196.80 ->192.168.1.252.1167: psh
208.91.112.196.80 ->192.168.1.252.1167: rst
208.91.112.196.80 ->192.168.1.252.1167: syn
208.91.112.196.8888 ->192.168.1.252.1025: udp
208.91.112.198.53 ->192.168.1.252.1025: udp
208.91.112.198.80 ->192.168.1.252.1156: ack
208.91.112.198.80 ->192.168.1.252.1156: psh
208.91.112.198.80 ->192.168.1.252.1156: rst
208.91.112.198.80 ->192.168.1.252.1156: syn
208.91.112.198.80 ->192.168.1.252.1158: ack
208.91.112.198.80 ->192.168.1.252.1158: psh
208.91.112.198.80 ->192.168.1.252.1158: rst
208.91.112.198.80 ->192.168.1.252.1158: syn
208.91.112.198.80 ->192.168.1.252.1160: ack
208.91.112.198.80 ->192.168.1.252.1160: psh
208.91.112.198.80 ->192.168.1.252.1160: rst
208.91.112.198.80 ->192.168.1.252.1160: syn
208.91.112.198.80 ->192.168.1.252.1162: ack
208.91.112.198.80 ->192.168.1.252.1162: rst
208.91.112.198.80 ->192.168.1.252.1162: syn
208.91.112.198.80 ->192.168.1.252.1164: ack
208.91.112.198.80 ->192.168.1.252.1164: rst
208.91.112.198.80 ->192.168.1.252.1166: ack
208.91.112.198.80 ->192.168.1.252.1166: psh
208.91.112.198.80 ->192.168.1.252.1166: rst
208.91.112.198.80 ->192.168.1.252.1166: syn
208.91.112.198.8888 ->192.168.1.252.1025: udp
208.91.112.52.53 ->192.168.1.252.64633: udp
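The awk one-liners above list unique endpoint pairs. As an added example (not from the original post), the following parses the sniffer output format shown above, counts what the appliance itself initiates per protocol, peer and port, and compares that against the port list the two captures established (443/tcp, 53/udp, 8888/udp, 80/tcp), which is the check needed before writing a tight egress policy for the unit; the capture lines are constructed from the flows on this page, with timestamps and UDP lengths made up.

```python
import re
from collections import Counter
from typing import Set, Tuple

# One line of FortiOS sniffer verbose-1 output, as shown in the capture above:
#   <time> <src-ip>.<sport> -> <dst-ip>.<dport>: <tcp-flag|udp> [seq ...]
LINE_RE = re.compile(r'^\s*\d+\.\d+\s+(\S+)\s+->\s+([^\s:]+):\s+(\S+)')

# Constructed sample: one packet per distinct flow from the two captures above
# (timestamps and UDP payload lengths are made up).
SAMPLE_CAPTURE = """\
60.971829 192.168.1.252.1154 -> 208.91.112.80.443: syn 382486821
61.087707 208.91.112.80.443 -> 192.168.1.252.1154: syn 378329634 ack 382486822
61.087779 192.168.1.252.1154 -> 208.91.112.80.443: ack 378329635
61.200000 192.168.1.252.64633 -> 208.91.112.52.53: udp 40
61.300000 208.91.112.52.53 -> 192.168.1.252.64633: udp 56
70.100000 192.168.1.252.1025 -> 208.91.112.196.8888: udp 36
70.200000 192.168.1.252.1156 -> 208.91.112.198.80: syn 1
"""

Flow = Tuple[str, str, int]  # (proto, dst_ip, dst_port)

# Ports the two captures on this page show the appliance reaching FortiGuard on.
FORTIGUARD_PORTS: Set[Tuple[str, int]] = {("tcp", 443), ("udp", 53), ("udp", 8888), ("tcp", 80)}


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """'208.91.112.80.443' -> ('208.91.112.80', 443): the port is the last dotted field."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def outbound_flows(capture: str, local_ip: str) -> Counter:
    """Count packets sent by the appliance itself, keyed by (proto, peer, peer port)."""
    flows: Counter = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or non-packet line
        src_ip, _ = split_endpoint(m.group(1))
        if src_ip != local_ip:
            continue  # replies from FortiGuard are not egress we need to permit
        dst_ip, dport = split_endpoint(m.group(2))
        proto = "udp" if m.group(3) == "udp" else "tcp"  # anything else is a TCP flag/seq
        flows[(proto, dst_ip, dport)] += 1
    return flows


def unexpected_destinations(flows: Counter, allowed: Set[Tuple[str, int]]) -> Set[Flow]:
    """Flows outside the allow-list: either the policy is too narrow or something else is talking."""
    return {f for f in flows if (f[0], f[2]) not in allowed}


if __name__ == "__main__":
    seen = outbound_flows(SAMPLE_CAPTURE, "192.168.1.252")
    for (proto, ip, port), n in sorted(seen.items()):
        print(f"{proto} {ip}:{port} packets={n}")
    print("unexpected:", unexpected_destinations(seen, FORTIGUARD_PORTS))
```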
■For today the license has been updated successfully, so if the same log does not appear when using the command line, the only option is to operate from the GUI; let's leave it at that...
※The date format is the one used by the date command.
$ env LANG=C date '+%a %B %d %Y'
Wed June 10 2015
antispam-license : Contract
antispam-expiration : %a %B %d %Y
avquery-license : Contract
avquery-expiration : %a %B %d %Y
webfilter-license : Contract
webfilter-expiration: %a %B %d %Y