FORTIGATE - Session Debug: Difference between revisions
From Wiki.IT-Arts.net
(Created page with "Category:Post-It == Session Analysis Of A Failling Connection == <nowiki> diag sys session stat diag sys session filter src <IP> diag sys session list</nowiki> === diagnose sys session filter ? === vd Index of virtual domain. -1 matches all. vd-name Name of virtual domain. -1 or "any" matches all. sintf Source interface. dintf Destination interface. s...") |
|||
| Line 11: | Line 11: | ||
=== diagnose sys session filter ? === | === diagnose sys session filter ? === | ||
vd | * vd | ||
** Index of virtual domain. -1 matches all. | |||
vd-name | * vd-name | ||
** Name of virtual domain. -1 or "any" matches all. | |||
sintf | * sintf | ||
** Source interface. | |||
dintf | * dintf | ||
** Destination interface. | |||
src | * src | ||
** Source IP address. | |||
nsrc | * nsrc | ||
** NAT'd source ip address | |||
dst | * dst | ||
** Destination IP address. | |||
proto | * proto | ||
** Protocol number. | |||
sport | * sport | ||
** Source port. | |||
nport | * nport | ||
** NAT'd source port | |||
dport | * dport | ||
** Destination port. | |||
policy | * policy | ||
** Policy ID. | |||
expire | * expire | ||
** expire | |||
duration | * duration | ||
** duration | |||
proto-state | * proto-state | ||
** Protocol state. | |||
session-state1 | * session-state1 | ||
** Session state1. | |||
session-state2 | * session-state2 | ||
** Session state2. | |||
ext-src | * ext-src | ||
** Add a source address to the extended match list. | |||
ext-dst | * ext-dst | ||
** Add a destination address to the extended match list. | |||
ext-src-negate | * ext-src-negate | ||
** Add a source address to the negated extended match list. | |||
ext-dst-negate | * ext-dst-negate | ||
** Add a destination address to the negated extended match list. | |||
* clear | |||
** Clear session filter. | |||
* negate | |||
** Inverse filter. | |||
== Useful Links == | == Useful Links == | ||
* https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-it-is-possible-to-use-filter-with-diagnose-sys/ta-p/253403 | * https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-it-is-possible-to-use-filter-with-diagnose-sys/ta-p/253403 | ||
Latest revision as of 09:43, 21 July 2025
Session Analysis Of A Failling Connection
diag sys session stat diag sys session filter src <IP> diag sys session list
diagnose sys session filter ?
- vd
- Index of virtual domain. -1 matches all.
- vd-name
- Name of virtual domain. -1 or "any" matches all.
- sintf
- Source interface.
- dintf
- Destination interface.
- src
- Source IP address.
- nsrc
- NAT'd source ip address
- dst
- Destination IP address.
- proto
- Protocol number.
- sport
- Source port.
- nport
- NAT'd source port
- dport
- Destination port.
- policy
- Policy ID.
- expire
- expire
- duration
- duration
- proto-state
- Protocol state.
- session-state1
- Session state1.
- session-state2
- Session state2.
- ext-src
- Add a source address to the extended match list.
- ext-dst
- Add a destination address to the extended match list.
- ext-src-negate
- Add a source address to the negated extended match list.
- ext-dst-negate
- Add a destination address to the negated extended match list.
- clear
- Clear session filter.
- negate
- Inverse filter.
