How to Troubleshoot Excluded GlobalProtect Traffic Using an Incorrect MAC Address

Created On 04/29/22 21:56 PM - Last Modified 05/29/25 03:23 AM


Environment


  • GlobalProtect (GP) App 5.1+ using domain-based exclusions
  • Windows host with the Routing and Remote Access Service (RRAS) configured
  • Wireshark


Procedure


To verify whether you are experiencing the issue, complete the following steps:
  1. Install the Wireshark app.
  2. Connect to GP and enable Dump-level logging by navigating to the App menu > Settings > Troubleshooting > Log Level: Dump, then exit the app.
  3. Launch Wireshark and enable capture on both the GP adapter and the physical adapter (you can verify their naming convention from a command prompt, as shown below):
Screenshot: ipconfig /all output in a Windows command prompt window

  4. Navigate to the URL that is unreachable while connected to the GP VPN and note the timestamp.
  5. Stop the Wireshark capture after reproducing the issue, then generate GP logs by navigating to the menu > Settings > Troubleshooting > Collect Logs.
  6. Review the GPS (PanGPS) log file collected by the app and verify that it contains entries similar to the following:
(T15964)Dump (  91): 04/26/22 17:09:04:899 Received DNS request for <DOMAIN NAME>  with type 1
(T15964)Dump (1259): 04/26/22 17:09:04:899 Domain name <DOMAIN NAME> matches exclude single domain in hash table
(T15964)Dump ( 504): 04/26/22 17:09:04:899 SP added an exclude ip <DOMAIN IP>, port 0, ttl 60 for domain <DOMAIN NAME>, original ttl=60, infinite ttl=no
(T15964)Dump ( 504): 04/26/22 17:09:04:899 SP added an exclude ip <DOMAIN IP>, port 0, ttl 60 for domain <DOMAIN NAME>, original ttl=60, infinite ttl=no
(T15964)Dump ( 536): 04/26/22 17:09:04:899 call SPSetParameters to set 2 exclude IPs
(T15964)Dump ( 264): 04/26/22 17:09:04:899 original iTimeOut=60, new iTimeOut=120
(T15964)Dump ( 268): 04/26/22 17:09:04:899 iTimeOut=120
(T15964)Dump ( 873): 04/26/22 17:09:04:899 ST,argc=6
(T15964)Dump (2088): 04/26/22 17:09:04:899 ST,shouldCacheCommand return false
(T15964)Dump (1351): 04/26/22 17:09:04:899 ST,remote ip address is <DOMAIN IP>, port=0, bind local address is <PHY ADAPTER IP>
(T15964)Dump ( 248): 04/26/22 17:09:04:899 ST,create file to \\.\symgpproxy success, file handle is 0000000000000B14
(T15964)Dump (1383): 04/26/22 17:09:04:899 ST,new domain port is 0, 5 ip set
(T15964)Dump ( 262): 04/26/22 17:09:04:899 ST,WriteFile return 0
(T15964)Dump ( 265): 04/26/22 17:09:04:899 ST,lasterror is 997
(T15964)Dump ( 267): 04/26/22 17:09:04:899 ST,lasterror is ERROR_IO_PENDING
(T15964)Dump ( 269): 04/26/22 17:09:04:899 ST,write success
(T15964)Dump (1402): 04/26/22 17:09:04:899 ST,create time task 6, delay 120 seconds
(T15964)Dump (1411): 04/26/22 17:09:04:899 ST,task for <DOMAIN IP> already exist, increase counter
(T15964)Dump ( 283): 04/26/22 17:09:04:899 ST,close file handle 0000000000000B14
(T15964)Dump ( 264): 04/26/22 17:09:04:899 original iTimeOut=60, new iTimeOut=120
(T15964)Dump ( 268): 04/26/22 17:09:04:899 iTimeOut=120
(T15964)Dump ( 873): 04/26/22 17:09:04:899 ST,argc=6
(T15964)Dump (2088): 04/26/22 17:09:04:899 ST,shouldCacheCommand return false
(T15964)Dump (1351): 04/26/22 17:09:04:899 ST,remote ip address is <DOMAIN IP>, port=0, bind local address is <PHY ADAPTER IP>
(T15964)Dump ( 248): 04/26/22 17:09:04:899 ST,create file to \\.\symgpproxy success, file handle is 0000000000000BC0
(T15964)Dump (1383): 04/26/22 17:09:04:899 ST,new domain port is 0, 6 ip set
(T15964)Dump ( 262): 04/26/22 17:09:04:900 ST,WriteFile return 0
(T15964)Dump ( 265): 04/26/22 17:09:04:900 ST,lasterror is 997
(T15964)Dump ( 267): 04/26/22 17:09:04:900 ST,lasterror is ERROR_IO_PENDING
(T15964)Dump ( 269): 04/26/22 17:09:04:900 ST,write success
(T15964)Dump (1402): 04/26/22 17:09:04:900 ST,create time task 7, delay 120 seconds
(T15964)Dump (1411): 04/26/22 17:09:04:900 ST,task for <DOMAIN IP> already exist, increase counter
(T15964)Dump ( 283): 04/26/22 17:09:04:900 ST,close file handle 0000000000000BC0 
 
  7. As you continue following the log, you should immediately encounter entries indicating that the traffic was discarded, as shown below:
(T15548)Dump (1330): 04/26/22 17:09:04:903 Received an IP packet with a non-tunnel source IP <PHY ADAPTER IP>
(T15548)Dump (1553): 04/26/22 17:09:04:903 the packet received from virtual interface is discarded
(T15548)Dump (1330): 04/26/22 17:09:04:905 Received an IP packet with a non-tunnel source IP <PHY ADAPTER IP>
(T15548)Dump (1553): 04/26/22 17:09:04:905 the packet received from virtual interface is discarded
 
  8. Open the Wireshark capture and use a filter of your choice to isolate the test traffic to the flagged domain.
Note: In our example, we used the IP reported in the GP logs to filter the target traffic (ip.addr==<source/destination ip>).

Screenshot: the highlighted packets in Wireshark
 
  9. Note the MAC addresses used in the previous step; they should match those of the GP interface and the firewall tunnel interface. You can verify this by reviewing the "ipconfig.txt" file in the GP log folder collected in step 5:
Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : PANGP Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 02-50-41-00-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : <GP IP>(Preferred) 
 
  10. In the same GP log folder, locate the "NicDetails.txt" log file and confirm whether the "Forwarding" parameter shows "enabled" on either the GP adapter or the local adapter, as shown below:
Note: The interface naming convention should be the same as in the command prompt output from step 3.
Interface Ethernet 3 Parameters
----------------------------------------------
IfLuid                             : ethernet_32773
IfIndex                            : 2
State                              : connected
Metric                             : 1
Link MTU                           : 1400 bytes
Reachable Time                     : 42500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 0
Site Id                            : 1
Forwarding                         : enabled

  11. If so, you must disable the Microsoft Routing and Remote Access Service to allow the split-tunnel behavior to function properly. You can find more information about this feature in the Microsoft documentation.
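As an added example that is not part of the original article, the following Python triage script applies the checks from steps 6, 7 and 10 to text in the formats shown above: it pulls the excluded IPs and the "non-tunnel source IP" discard entries out of dump-level GPS log lines, finds interfaces whose Forwarding parameter is enabled, and flags the combination. The sample log lines, interface names and RFC 5737 addresses are constructed stand-ins for the placeholders, not real captured data.

```python
import re
# Constructed sample of PanGPS dump-level lines (RFC 5737 addresses stand in for the placeholders)
SAMPLE_GPS_LOG = """\
(T15964)Dump (1259): 04/26/22 17:09:04:899 Domain name intranet.example.com matches exclude single domain in hash table
(T15964)Dump ( 504): 04/26/22 17:09:04:899 SP added an exclude ip 203.0.113.25, port 0, ttl 60 for domain intranet.example.com, original ttl=60, infinite ttl=no
(T15548)Dump (1330): 04/26/22 17:09:04:903 Received an IP packet with a non-tunnel source IP 192.0.2.10
(T15548)Dump (1553): 04/26/22 17:09:04:903 the packet received from virtual interface is discarded
"""
# Constructed excerpt in the NicDetails.txt (netsh "show interface") layout
SAMPLE_NIC_DETAILS = """\
Interface Ethernet 3 Parameters
Forwarding                         : enabled

Interface Wi-Fi Parameters
Forwarding                         : disabled
"""
EXCLUDE_RE = re.compile(r"SP added an exclude ip ([^,\s]+),.* for domain ([^,\s]+)")
NONTUNNEL_RE = re.compile(r"Received an IP packet with a non-tunnel source IP (\S+)")
IFACE_RE = re.compile(r"^Interface (.+?) Parameters$")
FWD_RE = re.compile(r"^Forwarding\s*:\s*(\w+)")

def parse_gps_log(text):
    """Map each excluded IP to its domain; list non-tunnel source IPs whose packets were discarded."""
    excludes, nontunnel = {}, []
    for line in text.splitlines():
        if m := EXCLUDE_RE.search(line):
            excludes[m.group(1)] = m.group(2)
        elif m := NONTUNNEL_RE.search(line):
            nontunnel.append(m.group(1))
    return excludes, nontunnel

def forwarding_enabled_interfaces(text):
    """Names of interfaces whose 'Forwarding' parameter reads 'enabled' (the RRAS footprint)."""
    enabled, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := IFACE_RE.match(line):
            current = m.group(1)
        elif (m := FWD_RE.match(line)) and m.group(1).lower() == "enabled" and current:
            enabled.append(current)
    return enabled

def diagnose(gps_log, nic_details):
    """All three indicators together point at RRAS forwarding breaking the domain exclusion."""
    excludes, nontunnel = parse_gps_log(gps_log)
    fwd = forwarding_enabled_interfaces(nic_details)
    return {"excluded_domains": excludes,
            "discarded_source_ips": sorted(set(nontunnel)),
            "forwarding_enabled": fwd,
            "rras_symptom": bool(excludes and nontunnel and fwd)}
```

Run `diagnose` against the real PanGPS.log and NicDetails.txt contents from the collected log folder; a `rras_symptom` of True together with the MAC mismatch seen in step 9 confirms the condition that step 11 addresses.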