How you can monitor live sessions in Fortigates firewalls via CLI

in #fortigate7 years ago

HASHEM.jpg
In previous post I have explained how to monitor traffic logs. Now i want to guide you how to monitor live sessions in Fortigate firewalls. live sessions or in other word states are made when 3-way hand shake completed in TCP traffics or when a state is created in UDP traffics. you can monitor these session deeply with the following command:

FG# diagnose sys session list

When you execute this command you would see all established states in your firewall without any filtering. if you want to monitor a specific session you should filter output as follow:

FG# diagnose sys session filter src [ SOURCE-IP-ADDRESS]
FG# diagnose sys session filter dst [ DESTINATION-IP-ADDRESS]
FG# diagnose sys session filter dpor [ DESTINATION-PORT-NUMBER]
FG# diagnose sys session filter Sport [ SOURCE-PORT-NUMBER]

and then you should use following command again:

FG# diagnose sys session list

I wish these post is useful for you.

Sort:  

Upvoted, followed
Follow back thanks