Description | This article describes how to add multiple destination or source addresses to a session filter. |
Scope | FortiGate. |
Solution |
While troubleshooting in a customer environment, the session filter command is used on FortiGate to check the DNAT/SNAT, policy, gateway, etc. for traffic from a particular source to a particular destination IP. This KB article explains how to add multiple source and destination IPs to the filter so that the details for all of the specified IPs (sources and destinations) can be checked at the same time.
The example here uses the IPs 1.1.1.1 and 8.8.8.8 as destinations:
# diag sys session filter ext-dst 1.1.1.1
# diag sys session filter ext-dst 8.8.8.8
To verify if the filter has been set:
# diag sys session filter
session filter:
To view the output:
# diagnose sys session list
Example output:
session info: proto=1 proto_state=00 duration=7 expire=493 timeout=500 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
session info: proto=1 proto_state=00 duration=5 expire=495 timeout=500 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
Similarly, multiple source IPs can be defined using the commands below:
# diagnose sys session filter ext-src x.x.x.x
# diagnose sys session filter ext-src y.y.y.y
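With several ext-dst entries set, the session list interleaves records for all of them. The following added example (not Fortinet code) splits saved `diagnose sys session list` output into records and groups them per filtered destination so the NAT, policy and gateway of each can be compared. The record lines beyond the `session info:` header are an assumption based on typical FortiOS output, and the function names are hypothetical.

```python
import re

# Constructed sample: the two "session info:" headers are from this page; the gwy,
# hook and policy_id lines are assumed from typical FortiOS output (doc addresses).
SAMPLE = """\
session info: proto=1 proto_state=00 duration=7 expire=493 timeout=500 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=198.51.100.254/192.0.2.10
hook=post dir=org act=snat 192.0.2.10:1->1.1.1.1:8(198.51.100.1:60417)
hook=pre dir=reply act=dnat 1.1.1.1:60417->198.51.100.1:0(192.0.2.10:1)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0
session info: proto=1 proto_state=00 duration=5 expire=495 timeout=500 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=198.51.100.254/192.0.2.10
hook=post dir=org act=snat 192.0.2.10:1->8.8.8.8:8(198.51.100.1:60418)
hook=pre dir=reply act=dnat 8.8.8.8:60418->198.51.100.1:0(192.0.2.10:1)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0
"""

KV = re.compile(r"(\w+)=(\S+)")
HOOK = re.compile(r"hook=\S+ dir=(\S+) act=(\S+) ([\d.]+):\d+->([\d.]+):\d+\(([\d.]+):\d+\)")
HEADER_INTS = ("proto", "duration", "expire", "timeout")

def parse_sessions(text):
    """Split session-list output into one dict per 'session info:' record."""
    sessions, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("session info:"):
            cur = {"nat": []}
            cur.update((k, int(v)) for k, v in KV.findall(line) if k in HEADER_INTS)
            sessions.append(cur)
        elif cur is None:
            continue  # banner or prompt text before the first record
        elif line.startswith("hook="):
            m = HOOK.match(line)
            if m:
                direction, act, src, dst, xlat = m.groups()
                cur["nat"].append((direction, act, xlat))
                if direction == "org":  # original direction carries client and target
                    cur["src"], cur["dst"] = src, dst
        else:
            cur.update((k, v) for k, v in KV.findall(line) if k in ("gwy", "policy_id"))
    return sessions

def by_destination(sessions, wanted):
    """Group parsed sessions under each ext-dst address set in the filter."""
    return {ip: [s for s in sessions if s.get("dst") == ip] for ip in wanted}

if __name__ == "__main__":
    for ip, hits in by_destination(parse_sessions(SAMPLE), ["1.1.1.1", "8.8.8.8"]).items():
        print(ip, [(s["policy_id"], s["gwy"], s["nat"]) for s in hits])
```

A filtered destination that comes back with an empty list had no matching session in the table when the output was captured.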
Session Filter reference: |