FORTIGATE - Session Debug

Session Analysis Of A Failling Connection

diag sys session stat
diag sys session filter src <IP>
diag sys session list

diagnose sys session filter ?

vd
- Index of virtual domain. -1 matches all.

vd-name
- Name of virtual domain. -1 or "any" matches all.

sintf
- Source interface.

dintf
- Destination interface.

src
- Source IP address.

nsrc
- NAT'd source ip address

dst
- Destination IP address.

proto
- Protocol number.

sport
- Source port.

nport
- NAT'd source port

dport
- Destination port.

policy
- Policy ID.

expire
- expire

duration
- duration

proto-state
- Protocol state.

session-state1
- Session state1.

session-state2
- Session state2.

ext-src
- Add a source address to the extended match list.

ext-dst
- Add a destination address to the extended match list.

ext-src-negate
- Add a source address to the negated extended match list.

ext-dst-negate
- Add a destination address to the negated extended match list.

clear
- Clear session filter.

negate
- Inverse filter.

Useful Links

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-it-is-possible-to-use-filter-with-diagnose-sys/ta-p/253403

Anonymous

Search

FORTIGATE - Session Debug

Namespaces

More

Page actions

Session Analysis Of A Failling Connection

diagnose sys session filter ?

Useful Links

Navigation

Navigation

Wiki tools

Wiki tools

Anonymous

Search

FORTIGATE - Session Debug

Session Analysis Of A Failling Connection

diagnose sys session filter ?

Useful Links

Navigation

Wiki tools

Page tools

Categories