In the previous post I explained how to monitor traffic logs. Now I want to show you how to monitor live sessions on FortiGate firewalls. Live sessions, or in other words states, are created when the 3-way handshake completes for TCP traffic or when a state is created for UDP traffic. You can inspect these sessions in depth with the following command:
FG# diagnose sys session list
When you execute this command you see all established states on your firewall, without any filtering. If you want to monitor a specific session, filter the output as follows:
FG# diagnose sys session filter src [SOURCE-IP-ADDRESS]
FG# diagnose sys session filter dst [DESTINATION-IP-ADDRESS]
FG# diagnose sys session filter dport [DESTINATION-PORT-NUMBER]
FG# diagnose sys session filter sport [SOURCE-PORT-NUMBER]
Then run the list command again:
FG# diagnose sys session list
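Even a filtered listing can be long on a busy firewall, so it helps to post-process a saved copy of the output. The following Python code is an added example, not part of the original post: it parses a constructed, abridged sample laid out like typical `diagnose sys session list` output and counts sessions per protocol and destination port. The sample layout is an assumption (fields vary between FortiOS versions), and the names parse_sessions and by_dst_port are hypothetical.

```python
import re
from collections import Counter

# Constructed, abridged sample laid out like typical `diagnose sys session list`
# output (assumption: fields differ between FortiOS versions; addresses are made up).
SAMPLE = """\
session info: proto=6 proto_state=01 duration=142 expire=3590 timeout=3600 flags=00000000 use=3
state=log may_dirty
hook=post dir=org act=snat 192.168.1.10:51234->198.51.100.7:443(203.0.113.2:51234)
hook=pre dir=reply act=dnat 198.51.100.7:443->203.0.113.2:51234(192.168.1.10:51234)
misc=0 policy_id=4 auth_info=0 chk_client_info=0 vd=0
session info: proto=17 proto_state=00 duration=3 expire=177 timeout=0 flags=00000000 use=3
state=may_dirty
hook=post dir=org act=snat 192.168.1.11:40000->198.51.100.53:53(203.0.113.2:40000)
hook=pre dir=reply act=dnat 198.51.100.53:53->203.0.113.2:40000(192.168.1.11:40000)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
total session 2
"""

# Original-direction tuple: act=<nat action> src:sport->dst:dport
ORG = re.compile(r"dir=org\s+act=(\S+)\s+([\d.]+):(\d+)->([\d.]+):(\d+)")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_sessions(text):
    """Split the dump on 'session info:' headers and return one dict per session."""
    sessions = []
    for block in re.split(r"(?m)^session info:", text)[1:]:
        kv = dict(re.findall(r"\b(proto|proto_state|duration|expire|policy_id)=(\w+)", block))
        m = ORG.search(block)
        if not m:
            continue  # skip blocks without an original-direction tuple
        proto = int(kv["proto"])
        sessions.append({
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "proto_state": kv.get("proto_state"),
            "duration": int(kv["duration"]),   # seconds since the state was created
            "expire": int(kv["expire"]),       # seconds until the state times out
            "policy_id": int(kv["policy_id"]) if "policy_id" in kv else None,
            "nat": m.group(1),
            "src": (m.group(2), int(m.group(3))),
            "dst": (m.group(4), int(m.group(5))),
        })
    return sessions

def by_dst_port(sessions):
    """Count sessions per (protocol, destination port)."""
    return Counter((s["proto"], s["dst"][1]) for s in sessions)

if __name__ == "__main__":
    print(by_dst_port(parse_sessions(SAMPLE)))
```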
I hope this post is useful for you.