Created on
01-07-2010
10:10 AM
Edited on
11-10-2023
01:52 AM
By
Jean-Philippe_P
Description
Scope
FortiGate units running FortiOS firmware version 4.00 MR3 or 5.0.x.
Solution
Clearing sessions that match some common filtering criteria is done from the CLI in 2 steps: first define a session filter, then clear the sessions matching it.
The base command is 'diagnose sys session filter <options>'.
To see the options:
diagnose sys session filter ?
clear clear session filter
dport dest port
dst dest ip address
negate inverse filter
policy policy id
proto protocol number
sport source port
src source ip address
vd index of virtual domain. -1 matches all
To see the current filter settings, type:
diagnose sys session filter
session filter:
vd: any
proto: any
source ip: any
dest ip: any
source port: any
dest port: any
policy id: any
expire: any
duration: any
Example of filter matching a source IP and a destination port:
diagnose sys session filter src 10.160.0.1
diagnose sys session filter dport 80
diagnose sys session filter
session filter:
vd: any
proto: any
source ip: 10.160.0.1-10.160.0.1
dest ip: any
source port: any
dest port: 80-80
policy id: any
expire: any
duration: any
Example of filter matching a range of source IPs and a range of destination ports:
diagnose sys session filter src 10.160.0.1 10.160.0.10
diagnose sys session filter dport 80 888
diagnose sys session filter
session filter:
vd: any
proto: any
source ip: 10.160.0.1-10.160.0.10
dest ip: any
source port: any
dest port: 80-888
policy id: any
expire: any
duration: any
Example of filter matching a source IP without filtering any port:
diagnose sys session filter src 10.160.0.1
diagnose sys session filter
session filter:
vd: any
proto: any
source ip: 10.160.0.1-10.160.0.1
dest ip: any
source port: any
dest port: any
policy id: any
expire: any
duration: any
Example of filter matching a destination IP without filtering any port:
diagnose sys session filter dst 10.160.0.1
diagnose sys session filter
session filter:
vd: any
proto: any
source ip: any
dest ip: 10.160.0.1-10.160.0.1
source port: any
dest port: any
policy id: any
expire: any
duration: any
Clear the session(s) matching the filter defined previously with the command:
diagnose sys session clear
Warning: Using the 'diagnose sys session clear' command without any filter will clear all sessions currently opened on the FortiGate unit.
Note: To list the sessions, use the following command. Its output is also restricted to the sessions matching the filter defined previously:
diagnose sys session list
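As an added example (not Fortinet's code), the following Python parses the output of 'diagnose sys session filter' shown above and decides whether 'diagnose sys session clear' would be scoped to a few sessions or would flush every session on the unit; the sessions it checks against the filter are constructed dictionaries, not real session list output.

```python
import ipaddress

# Output copied from the article's first example (src 10.160.0.1, dport 80).
FILTER_SRC_DPORT = """session filter:
vd: any
proto: any
source ip: 10.160.0.1-10.160.0.1
dest ip: any
source port: any
dest port: 80-80
policy id: any
expire: any
duration: any
"""

# The same output with no filter defined: every criterion reads 'any'.
FILTER_EMPTY = FILTER_SRC_DPORT.replace("10.160.0.1-10.160.0.1", "any").replace("80-80", "any")

def parse_session_filter(text):
    """Map each criterion to its raw value, 'any' or 'low-high'; skips the header line."""
    criteria = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            criteria[key.strip()] = value.strip()
    return criteria

def active_criteria(criteria):
    """Only the criteria that restrict the match; an empty result means no filter is set."""
    return {k: v for k, v in criteria.items() if v != "any"}

def in_range(value, spec, as_ip=False):
    """True if value lies within a 'low-high' spec; 'any' matches everything."""
    if spec == "any":
        return True
    low, high = spec.split("-")
    conv = ipaddress.ip_address if as_ip else int
    return conv(low) <= conv(str(value)) <= conv(high)

def filter_matches(criteria, session):
    """Would a session (constructed dict: src, dst, sport, dport) be cleared under this filter?"""
    return (in_range(session["src"], criteria["source ip"], as_ip=True)
            and in_range(session["dst"], criteria["dest ip"], as_ip=True)
            and in_range(session["sport"], criteria["source port"])
            and in_range(session["dport"], criteria["dest port"]))

def safe_to_clear(text):
    """Guard for the warning above: only clear when at least one criterion is set."""
    return bool(active_criteria(parse_session_filter(text)))
```

Running safe_to_clear on the filter output before issuing 'diagnose sys session clear' is the check that prevents an accidental clear of all sessions.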
Copyright 2023 Fortinet, Inc. All Rights Reserved.