rmetzger
Staff

Description

This article explains how to use filters to clear sessions on a FortiGate unit, based on the CLI command:
 
diagnose sys session <arguments>
 

Scope
FortiGate units running FortiOS firmware version 4.00 MR3 or 5.0.x.


Solution
Clearing sessions that match some common filtering criteria can be done from the CLI in two steps:

  • 1 - Set up a session filter

The base command is "diagnose sys session filter <options>". To list the available options, type:


FGT # diagnose sys session filter ?

clear     clear session filter
dport     dest port
dst       dest ip address
negate    inverse filter
policy    policy id
proto     protocol number
sport     source port
src       source ip address
vd        index of virtual domain. -1 matches all

To see the current filter settings, type:

FGT # diagnose sys session filter

session filter:
vd: any
proto: any
source ip: any
dest ip: any
source port: any
dest port: any
policy id: any
expire: any
duration: any

Example of a filter matching a source IP and a destination port:


FGT# diagnose sys session filter src 10.160.0.1
FGT# diagnose sys session filter dport 80
FGT# diagnose sys session filter

session filter:
        vd: any
        proto: any
        source ip: 10.160.0.1-10.160.0.1
        dest ip: any
        source port: any
        dest port: 80-80
        policy id: any
        expire: any
        duration: any

Example of a filter matching a range of source IPs and a range of destination ports:

FGT# diagnose sys session filter src 10.160.0.1 10.160.0.10
FGT# diagnose sys session filter dport 80 888
FGT# diagnose sys session filter

session filter:
        vd: any
        proto: any
        source ip: 10.160.0.1-10.160.0.10
        dest ip: any
        source port: any
        dest port: 80-888
        policy id: any
        expire: any
        duration: any

  • 2 - Clear the session(s) matching the filter defined previously with the command:

   FGT # diagnose sys session clear

Warning: Using the "diagnose sys session clear" command without any filter will clear all sessions currently open on the FortiGate unit.


Note: To see the session list, use the following command; its output is also restricted by the filter defined previously:

   FGT # diagnose sys session list
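The two-step procedure above, with the warning about unfiltered clears turned into a check, as an added example that is not part of the original article or of FortiOS: a Python helper that assembles the filter and clear command lines shown here and parses the output of "diagnose sys session filter", refusing to issue the clear while every criterion still reads "any". The filter dump is a constructed sample matching the article's range example; the helper only builds and checks command strings and does not connect to a unit.

```python
"""Guard rail for 'diagnose sys session clear' on FortiOS (added example, not
Fortinet code): builds the filter lines shown in the article and refuses to emit
the clear while every criterion in the filter dump still reads 'any'."""
import re

# Constructed sample in the shape FortiOS prints for 'diagnose sys session filter'.
SAMPLE_FILTER_OUTPUT = """session filter:
        vd: any
        proto: any
        source ip: 10.160.0.1-10.160.0.10
        dest ip: any
        source port: any
        dest port: 80-888
        policy id: any
        expire: any
        duration: any
"""
FILTER_OPTIONS = {"vd", "proto", "src", "dst", "sport", "dport", "policy"}

def build_filter_commands(**criteria) -> list:
    """Turn src=('10.160.0.1', '10.160.0.10'), dport=80 into CLI lines; a tuple
    becomes a range. The filter is reset first so a stale one cannot change the match."""
    cmds = ["diagnose sys session filter clear"]
    for key, value in criteria.items():
        if key not in FILTER_OPTIONS:
            raise ValueError(f"unknown filter option: {key}")
        args = value if isinstance(value, tuple) else (value,)
        cmds.append(f"diagnose sys session filter {key} " + " ".join(map(str, args)))
    return cmds

def parse_session_filter(output: str) -> dict:
    """Return {criterion: value} from the dump, e.g. {'dest port': '80-888'}."""
    fields = {}
    for line in output.splitlines():
        m = re.match(r"^\s*([a-z ]+):\s*(\S.*?)\s*$", line)
        if m:  # the bare 'session filter:' header carries no value and is skipped
            fields[m.group(1)] = m.group(2)
    return fields

def filter_is_restrictive(fields: dict) -> bool:
    """True when at least one criterion narrows the match instead of 'any'."""
    return any(value != "any" for value in fields.values())

def clear_commands(filter_output: str) -> list:
    """List the matching sessions first, then clear; refuse if the filter is empty."""
    if not filter_is_restrictive(parse_session_filter(filter_output)):
        raise ValueError("session filter is empty; refusing to clear all sessions")
    return ["diagnose sys session list", "diagnose sys session clear"]
```

Paste the lines returned by build_filter_commands into the CLI, capture the filter dump, and only send the lines from clear_commands once that dump passes the check.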
 

Related Articles

Troubleshooting Tip: FortiGate session table information
