Skip to main content
princes
Staff
princes
Staff
February 20, 2026

Technical Tip: Understanding active Session list on FortiProxy device

  • February 20, 2026
  • 0 replies
  • 239 views
Description This article describes the active session verification and difference in FortiGate and FortiProxy session output.
Scope FortiProxy.
Solution

The session list on the FortiProxy has 2 types of information.

 

The following commands can be used to see the session list:

 

diagnose sys session list

diagnose wad session list

 

The first command output shows the TCP session to and from the FortiProxy interface.

 

diagnose sys session list
ipv4 tcp 29 TIME_WAIT 10.5.147.160:30818 -> 142.251.142.66:443
ipv4 tcp 29 TIME_WAIT 10.5.147.160:8020 -> 216.239.34.223:443
ipv4 tcp 29 TIME_WAIT 10.5.147.160:9080 -> 3.160.196.51:443
ipv4 tcp 29 TIME_WAIT 10.5.147.160:9890 -> 142.251.209.174:443
ipv4 tcp 29 TIME_WAIT 10.5.147.160:29774 -> 142.251.157.119:443
ipv4 tcp 1774 ESTABLISHED 10.5.147.160:34092 -> 34.104.35.123:80
ipv4 tcp 1652 ESTABLISHED 10.5.147.160:19530 -> 142.251.173.188:5228

ipv4 tcp 1787 ESTABLISHED 10.162.13.127:63576 -> 10.162.19.160:8080  

 

Screenshot 2026-02-19 160752.png

 

In the above image, Port3 is the interface listening for proxy connections on Port 8080 and Port1 is the WAN interface for routing the traffic on the internet.

 

In the output above, no correlation logs can be found in the GUI log section.

 

The following is the second command output:

 

diagnose wad session list

Session: explicit proxy 10.162.13.127:63576(10.5.147.160:19530)->142.251.173.188:5228
id=50335043 worker=3 vd=0:0 fw-policy=1
duration=178 expire=3422 session-ttl=3600
state=3 app=http sub_type=0 wan_opt_mode=0 dd_method=0
SSL enabled
to-client
TCP Port:
state=2 r_blocks=1 w_blocks=0 read_blocked=0
bytes_in=2041 bytes_out=8437 shutdown=0x0
to-server
TCP Port:
state=2 r_blocks=0 w_blocks=0 read_blocked=0
bytes_in=8365 bytes_out=1940 shutdown=0x0

 

This output will show the proxy connections forwarded through FortiProxy based on the CONNECT request from the user systems.

Proxy connection output can only be seen if the connection was successful to the server requested in the client CONNECT request. However, the first command may still show the output from client to the FortiProxy interface.

 

The second list can be verified and matched against the GUI correlation logs based on session ID value:

 

Screenshot 2026-02-19 162245.png

 

In the GUI logs above, the session ID of 50335043 can be seen and matched with the WAD session output.
    Terms & ConditionsAccessibility statement