cskuan
Staff
Description
This article describes how to identify whether the ‘diag sys session clear’ command has been issued to clear sessions.

Solution
To identify whether the ‘diag sys session clear’ command has been issued, check the ‘flush’ counter.
The ‘flush’ counter is shown in the output of the ‘diag sys session stat’ command.
Its value increases each time the ‘diag sys session clear’ command is issued.

Below is the sample output:
# diag sys session stat
misc info:       session_count=30 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0                 <----- 0, before clear session.
flush_work_num=0
TCP sessions:
         6 in ESTABLISHED state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

# diag sys session clear                                            <----- command to clear session.

# diag sys session stat
misc info:       session_count=2 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=1, dev_down=0/0 ses_flush_filters=0                 <----- counter increased.
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

However, be reminded that the ‘flush’ counter value is reset to 0 each time it is viewed with ‘diag sys session stat’, so a reading only reflects clears issued since the previous view:

# diag sys session stat
misc info:       session_count=3 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0                 <----- reset to 0, as no clear session command was run in between.
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

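Because the counter resets on every view, the check only works when ‘diag sys session stat’ is captured repeatedly and the ‘flush’ values are summed across captures. The following Python is an added example (not from the article or Fortinet) that parses such captures for the counters shown above and accounts for the reset-on-view behaviour; the sample captures are constructed from the article's output, and the function names are the example's own.

```python
import re

# Constructed sample captures modelled on the article's output: before the
# clear, immediately after it, and on a later view with no clear in between.
SAMPLE_BEFORE = """misc info:       session_count=30 setup_rate=0 exp_count=0 clash=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0
flush_work_num=0"""
SAMPLE_AFTER = """misc info:       session_count=2 setup_rate=0 exp_count=0 clash=0
delete=0, flush=1, dev_down=0/0 ses_flush_filters=0
flush_work_num=0"""
SAMPLE_LATER = """misc info:       session_count=3 setup_rate=0 exp_count=0 clash=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0
flush_work_num=0"""

# \b keeps 'flush=' from matching inside 'ses_flush_filters=' or 'flush_work_num='.
FIELD_RE = re.compile(r"\b(session_count|delete|flush|ses_flush_filters)=(\d+)")


def parse_session_stat(output: str) -> dict:
    """Extract the counters this article relies on from one stat capture."""
    fields = {}
    for name, value in FIELD_RE.findall(output):
        fields.setdefault(name, int(value))  # first occurrence wins
    missing = {"session_count", "flush"} - set(fields)
    if missing:
        raise ValueError(f"unexpected stat output, missing {sorted(missing)}")
    return fields


def detect_session_clears(captures: list) -> dict:
    """Report session clears across successive 'diag sys session stat' captures.

    'flush' resets to 0 on every view, so each capture's value is the number of
    clears since the previous capture; the values are summed rather than compared.
    """
    total, events, previous = 0, [], None
    for index, capture in enumerate(captures):
        stats = parse_session_stat(capture)
        if stats["flush"] > 0:
            total += stats["flush"]
            events.append({"capture": index, "flush": stats["flush"],
                           "sessions_before": previous["session_count"] if previous else None,
                           "sessions_after": stats["session_count"]})
        previous = stats
    return {"cleared": total > 0, "total_flush": total, "events": events}
```

The recorded drop in session_count alongside a non-zero ‘flush’ corroborates the clear, which is useful when reviewing captures taken by a scheduled job rather than interactively.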