Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cskuan
Staff
Staff

Created on ‎06-22-2020 10:34 PM Edited on ‎08-25-2025 03:15 AM By Moderator

Article Id 196340

Technical Tip: How to identify if 'diagnose sys session clear' command has been issued to clear session

Description


This article describes how to identify if the 'diagnose sys session clearcommand has been issued to clear a session.

 

Scope

 

FortiGate.

Solution


To identify if the 'diagnose sys session clearcommand has been issued, is by checking on the ‘flush’ counter.
This ‘flush’ counter will be shown when the 'diagnose sys session statcommand is executed.
The ‘flush’ counter value will increase each time the 'diagnose sys session clearcommand is issued.

Below is the sample output:

 

diagnose sys session stat
misc info:       session_count=30 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0                 <----- 0, before clear session.
flush_work_num=0
TCP sessions:
         6 in ESTABLISHED state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

diagnose sys session clear                                            <----- command to clear session.

diagnose sys session stat
misc info:       session_count=2 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=1, dev_down=0/0 ses_flush_filters=0                 <----- counter increase.
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

 

However, be reminded that the 'flush' counter value will be reset to 0 after each view.

 

diagnose sys session stat
misc info:       session_count=3 setup_rate=0 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0                 <----- Reset to 0 if not clear session commands run in between. 
flush_work_num=0
TCP sessions:
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000000
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

Labels:
4900
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.