FortiGate firewall filters the specified session and cleans it up

This article mainly introduces how to set session filtering conditions through the command line , The corresponding filtering session details and clearing sessions are displayed .

FG600D3918701304 # diagnose sys  session filter（ Set filter conditions ）

vd                Index of virtual domain. -1 matches all.

sintf             Source interface.

dintf             Destination interface.

src               Source IP address.

nsrc              NAT'd source ip address

dst               Destination IP address.

proto             Protocol number.

sport             Source port.

nport             NAT'd source port

dport             Destination port.

policy            Policy ID.

expire            expire

duration          duration

proto-state       Protocol state.

session-state1    Session state1.

session-state2    Session state2.

clear             Clear session filter.

negate            Inverse filter.

FG600D3918701304 # diagnose sys  session filter src 10.10.10.1（ Set filter condition as source address 10.10.10.1）

FG600D3918701304 # diagnose sys session list（ List the sessions that match the filter criteria ）

session info: proto=17 proto_state=01 duration=18 expire=161 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6

origin-shaper=

reply-shaper=

per_ip_shaper=

ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255

state=redir log local may_dirty nlb none

statistic(bytes/packets/allow_err): org=55/1/1 reply=71/1/1 tuples=3

tx speed(Bps/kbps): 2/0 rx speed(Bps/kbps): 3/0

orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1

hook=post dir=org act=snat 10.10.10.1:54831->223.5.5.5:53(113.102.131.230:54831)

hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:54831(10.10.10.1:54831)

hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:54831(0.0.0.0:0)

misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0

serial=012ee90e tos=40/40 app_list=0 app=0 url_cat=0

dd_type=0 dd_mode=0

npu_state=0x040400

no_ofld_reason:  redir-to-av non-npu-intf

session info: proto=17 proto_state=01 duration=9 expire=170 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6

origin-shaper=

reply-shaper=

per_ip_shaper=

ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255

state=redir log local may_dirty nlb none

statistic(bytes/packets/allow_err): org=71/1/1 reply=148/1/1 tuples=3

tx speed(Bps/kbps): 7/0 rx speed(Bps/kbps): 15/0

orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1

hook=post dir=org act=snat 10.10.10.1:56119->223.5.5.5:53(113.102.131.230:56119)

hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:56119(10.10.10.1:56119)

hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:56119(0.0.0.0:0)

misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0

serial=012eedd7 tos=40/40 app_list=0 app=0 url_cat=0

dd_type=0 dd_mode=0

npu_state=0x040400

no_ofld_reason:  redir-to-av non-npu-intf

......

FG600D3918701304 # diagnose sys session clear（ Clear all sessions that match the filter criteria ）

FG600D3918701304 # diagnose sys session list（ View all sessions that match the filter criteria again ）

total session 0（ Session is 0）

FG600D3918701304 # diagnose sys session filter clear（ Clear the set filter conditions ）