
When a client connects to a website or a service through the FortiGate, a session is created between the client and the server. The FortiGate keeps these sessions in its session table, which is the place to look when you need to see what traffic is actually passing through the device.
There are two ways to view the sessions: the web management GUI and the CLI.
Web management (GUI): Go to Fortiview in the Main Menu.
CLI: run the diagnose sys session list command
The CLI is usually used for troubleshooting because it shows far more detail per session. Before running the list command you will normally want to narrow the output with a filter; the available filter options are listed below.
FGT-01 # diagnose sys session filter ?
vd Index of virtual domain. -1 matches all.
sintf Source interface.
dintf Destination interface.
src Source IP address.
nsrc NAT’d source ip address
dst Destination IP address.
proto Protocol number.
sport Source port.
nport NAT’d source port
dport Destination port.
policy Policy ID.
expire expire
duration duration
proto-state Protocol state.
session-state1 Session state1.
session-state2 Session state2.
clear Clear session filter.
negate Inverse filter.
For example, to show only the sessions from 10.228.3.211 to 10.1.1.251 (filters are combined with AND and stay set for the CLI session until you run diag sys session filter clear):
FGT-01 # diag sys session filter src 10.228.3.211
FGT-01 # diag sys session filter dst 10.1.1.251
FGT-01 # diag sys session list
When you run the list command you will see one record per matching session, like the following.
Output:
session info: proto=6 proto_state=01 duration=828221 expire=3508 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty npu
statistic(bytes/packets/allow_err): org=1374982/14905/1 reply=2124492/13749/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=11->24/24->11 gwy=10.228.3.1/10.228.3.211
hook=pre dir=org act=noop 10.228.3.211:59375->10.1.1.251:445(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.1.251:445->10.228.3.211:59375(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=53 auth_info=0 chk_client_info=0 vd=0
serial=0d420a52 tos=ff/ff app_list=2005 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x003400
npu info: flag=0x81/0x81, offload=6/6, ips_offload=0/0, epid=20/7, ipid=7/20, vlan=0x0000/0x0000
vlifid=0/0, vtag_in=0x0000/0x0000 in_npu=0/0, out_npu=0/0, fwd_en=0/0, qid=0/0
total session 1
As you can see from the above, the full detail of the session is available in the output: the two hook lines give the originating and reply 5-tuples, with the NAT'd address in parentheses (0.0.0.0:0 here because no NAT is applied); policy_id=53 is the firewall policy that allowed the session; the statistic line gives bytes and packets in each direction; expire counts down from timeout and is refreshed while traffic flows; and npu in the state line shows the flow has been offloaded to the network processor. If no record is listed (total session 0), the session was never established on this FortiGate; the most likely reason is that the client's request or the server's reply never reached the device, so check routing and the interfaces on both sides before looking at the policy.
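Added example (not from the original page or from Fortinet): a small Python parser for the text of diagnose sys session list, plus a filter that applies the same keys as diagnose sys session filter (src, dst, nsrc, sport, dport, nport, proto, policy, vd) with AND semantics, so the two filter commands and the output above can be reproduced offline. The sample input is constructed: it is the record shown on this page followed by a second, hypothetical UDP/DNS record with source NAT using RFC 5737 documentation addresses. Modelling negate as a per-key inversion is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample, not captured from a device: the record shown on this page,
# then a second hypothetical UDP/DNS record with source NAT (RFC 5737 addresses)
# so the filter has something to exclude.
SAMPLE_OUTPUT = """\
session info: proto=6 proto_state=01 duration=828221 expire=3508 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty npu
statistic(bytes/packets/allow_err): org=1374982/14905/1 reply=2124492/13749/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=11->24/24->11 gwy=10.228.3.1/10.228.3.211
hook=pre dir=org act=noop 10.228.3.211:59375->10.1.1.251:445(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.1.251:445->10.228.3.211:59375(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=53 auth_info=0 chk_client_info=0 vd=0
serial=0d420a52 tos=ff/ff app_list=2005 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x003400
npu info: flag=0x81/0x81, offload=6/6, ips_offload=0/0, epid=20/7, ipid=7/20, vlan=0x0000/0x0000
vlifid=0/0, vtag_in=0x0000/0x0000 in_npu=0/0, out_npu=0/0, fwd_en=0/0, qid=0/0
session info: proto=17 proto_state=01 duration=12 expire=168 timeout=180 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=log may_dirty
statistic(bytes/packets/allow_err): org=64/1/0 reply=180/1/0 tuples=2
hook=pre dir=org act=snat 192.0.2.10:51000->198.51.100.5:53(203.0.113.1:51000)
hook=post dir=reply act=dnat 198.51.100.5:53->203.0.113.1:51000(192.0.2.10:51000)
misc=0 policy_id=7 auth_info=0 chk_client_info=0 vd=0
total session 2
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
HOOK_RE = re.compile(r"hook=\w+ dir=(?P<dir>\w+) act=(?P<act>\w+) (?P<src>[\d.]+):(?P<sport>\d+)"
                     r"->(?P<dst>[\d.]+):(?P<dport>\d+)\((?P<nsrc>[\d.]+):(?P<nport>\d+)\)")


@dataclass
class Session:
    proto: int
    duration: int        # seconds since the session was created
    expire: int          # seconds left before it is removed from the table
    timeout: int
    policy_id: int
    vd: int
    src: str
    sport: int
    dst: str
    dport: int
    nsrc: str            # NAT'd source of the originating direction; 0.0.0.0 if no NAT
    nport: int
    act: str             # noop / snat / dnat on the originating hook
    org_bytes: int
    reply_bytes: int
    state_flags: Tuple[str, ...]   # "npu" here means the flow is hardware offloaded


def parse_session_list(text: str) -> List[Session]:
    """Parse `diagnose sys session list` output into Session records."""
    sessions = []
    for block in re.split(r"^session info:", text, flags=re.M)[1:]:
        kv, flags, org = {}, (), None
        for line in block.splitlines():
            if line.startswith("total session"):
                break
            if line.startswith("state="):
                flags = tuple(line[6:].split())
                continue
            m = HOOK_RE.search(line)
            if m and m.group("dir") == "org":
                org = m.groupdict()
                continue
            for key, value in KV_RE.findall(line):
                kv.setdefault(key, value)  # first occurrence wins
        if org is None:
            continue  # no originating tuple: not a usable record
        sessions.append(Session(
            proto=int(kv["proto"]), duration=int(kv["duration"]), expire=int(kv["expire"]),
            timeout=int(kv["timeout"]), policy_id=int(kv["policy_id"]), vd=int(kv["vd"]),
            src=org["src"], sport=int(org["sport"]), dst=org["dst"], dport=int(org["dport"]),
            nsrc=org["nsrc"], nport=int(org["nport"]), act=org["act"],
            org_bytes=int(kv["org"].split("/")[0]), reply_bytes=int(kv["reply"].split("/")[0]),
            state_flags=flags))
    return sessions


FILTER_KEYS = {  # same names as `diagnose sys session filter`
    "src": lambda s, v: s.src == v, "dst": lambda s, v: s.dst == v,
    "nsrc": lambda s, v: s.nsrc == v, "sport": lambda s, v: s.sport == int(v),
    "dport": lambda s, v: s.dport == int(v), "nport": lambda s, v: s.nport == int(v),
    "proto": lambda s, v: s.proto == int(v), "policy": lambda s, v: s.policy_id == int(v),
    "vd": lambda s, v: int(v) == -1 or s.vd == int(v),
}


def filter_sessions(sessions, negate=(), **criteria) -> List[Session]:
    """All given filters must match (AND), as on the device; keys listed in
    `negate` are inverted (assumed model of `filter negate`)."""
    return [s for s in sessions
            if all(FILTER_KEYS[k](s, str(v)) != (k in negate) for k, v in criteria.items())]


if __name__ == "__main__":
    sessions = parse_session_list(SAMPLE_OUTPUT)
    # The two filter commands from the page, then the list.
    for s in filter_sessions(sessions, src="10.228.3.211", dst="10.1.1.251"):
        print(f"{s.src}:{s.sport}->{s.dst}:{s.dport} policy={s.policy_id} "
              f"bytes={s.org_bytes}/{s.reply_bytes} expire={s.expire}/{s.timeout}")
```

Feed it the saved output of diag sys session list (for example copied from an SSH session) and you can filter or sort on byte counts and expire values without re-running the command on the device; an unexpectedly low expire on a long-running connection, or a record that only ever shows traffic in the org direction, points at the same "reply never reached the FortiGate" problem described above.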
More information is available at the following link:
https://kb.fortinet.com/kb/viewContent.do?externalId=FD30042