Wednesday, June 26, 2013

diag system session ( a quick way find sessions on fortigate firewalls )

In this post, I will share  with you a simple means; "  to find and for filter specific sessions"from the cmd line.

Fortigate offers a  session  count thru the gui, but it's not as flexible as what you can do from the command line. The cli provides more flexibility,  and in fact ; you can filter option in the webgui, but it's not as quick nor easy to  deploy.

If you need to quickly change filters, the cli is the best means.

( samples of the webGui  session details )







The diag system session  or session6 command, provides either the ipv4 or ipv6  sessions stats. With this command you can filter by a host of parameters. This allows you to zoom into the  sessions types that you might have interests in.

here's those parameters;



As you can see from the above, we have a host of parameters. In the case of the output above, I'm filtering for icmp ( protocol #1 )


A simple ping to my wan2 interface after allowance for ping, will display the session(s) with the above filter.





Filtering on sessions in this manner, allows for quick diagnostics of the total sessions  & helps with quickly identifying  states within your fortigate firewall.


You should get use to applying and clearing filters in your everyday  monitoring , and trouble-shooting activities.



To wrap up, the flexibility in the filter is amazing and with creativity, you can filter on a host fields. In this last snapshot; " here's a filter using just  the policyID"

( I highlighted some key items )




The session filters along with diag debug flow, are two of the most important diagnostic commands that we have. These commands, make the life of diagnostic for fortigate series firewalls, much easier. They are simple to deploy provide more details than most other brands ( cisco ASA, Juniper NS/SRX ) and the information is very useful.


Ken Felix
Freelance Network/Security Engineer
kfelix  at  hyperfeed  .....dot....com

   ^      ^
=( *  * )=
       o
      /  \

No comments:

Post a Comment