Ghost Session

Fabricio · ‎09-19-2014

Good Morning, On my FortiGate 200B that is configured with HA, one session authenticated by FSSO, since 1 day and 15 hours that this session not die. This session was started by on Wifi Connection. How Can i kill this session by command line ? Already rebooted the Cluster " HA" , cleaning cache User List on tow FSSO. Tk

Fabricio Castro Maluf Analista de Infraestrutura

Christopher_McMullan · ‎09-19-2014

Can you see the session by running: diag sys session filter .... //--filter for parameters of the session, like port of IP diag sys session list Try to kill it: diag sys session clear //--ONLY do this with a filtered list Then check again: diag sys session list If the session is gone, remember to clear your filters: diag sys session filter clear

Regards, Chris McMullan Fortinet Ottawa

Fabricio · ‎09-19-2014

No list result on prompt when i set filter ip addres 10.10.0.10. Look at the print, is the session that did not die

Fabricio Castro Maluf Analista de Infraestrutura

Christopher_McMullan · ‎09-19-2014

What you' re describing isn' t a session, per se, as much as an FSSO authentication event, which is why it survived a reboot. What is the status of user ' FM06440' on your collector agent (if you are using one)? Have you chosen to view all FSSO logons under the User Monitor as well as actual users of firewall policies? The clue here is that there is no Policy ID mentioned, therefore, no session. If there was traffic, there would be a matched policy.

Regards, Chris McMullan Fortinet Ottawa

Ghost Session

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website