Viewing and deleting session information

Use the session filter to view and delete sessions.

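  1. Set the filter conditions

    Before viewing or deleting a specific session, you must set a filter first.

    # diagnose sys session filter        // type ? to list the filter criteria supported for sessions, such as source IP, destination IP and destination port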
    vd                Index of virtual domain. -1 matches all.
    vd-name           Name of virtual domain. -1 or "any" matches all.
    sintf             Source interface.
    dintf             Destination interface.
    src               Source IP address.
    nsrc              NAT'd source ip address
    dst               Destination IP address.
    proto             Protocol number.
    sport             Source port.
    nport             NAT'd source port
    dport             Destination port.
    policy            Policy ID.
    expire            expire
    duration          duration
    proto-state       Protocol state.
    session-state1    Session state1.
    session-state2    Session state2.
    ext-src           Add a source address to the extended match list.
    ext-dst           Add a destination address to the extended match list.
    ext-src-negate    Add a source address to the negated extended match list.
    ext-dst-negate    Add a destination address to the negated extended match list.
    clear             Clear session filter.
    negate            Inverse filter.
    
    # diagnose sys session filter         // press Enter directly to show the current filter conditions
    session filter:
            vd: any
            sintf: any
            dintf: any
            proto: any
            proto-state: any
            source ip: any
            NAT'd source ip: any
            dest ip: any
            source port: any
            NAT'd source port: any
            dest port: any
            policy id: any
            expire: any
            duration: any
            state1: any
            state2: any
    
  2. View sessions

    To view a specific session, set a filter first. If no filter is set, diagnose sys session list lists all current sessions on the FortiGate.

    Set the filter conditions
    # diagnose sys session filter proto 1
    # diagnose sys session filter src 192.168.1.10
    
    Check the filter conditions that were set
    # diagnose sys session filter 
    session filter:
            vd: any
            sintf: any
            dintf: any
            proto: 1-1
            proto-state: any
            source ip: 192.168.1.10-192.168.1.10
            NAT'd source ip: any
            dest ip: any
            source port: any
            NAT'd source port: any
            dest port: any
            policy id: any
            expire: any
            duration: any
            state1: any
    
    View the filtered sessions
    # diagnose sys session list
    session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
    origin-shaper=
    reply-shaper=
    per_ip_shaper=
    class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
    state=may_dirty npu 
    statistic(bytes/packets/allow_err): org=168/2/1 reply=168/2/1 tuples=2
    tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
    orgin->sink: org pre->post, reply pre->post dev=13->14/14->13 gwy=192.168.2.10/192.168.1.10
    hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
    hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
    misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
    serial=00091df7 tos=ff/ff app_list=0 app=0 url_cat=0
    rpdb_link_id=00000000 ngfwid=n/a
    npu_state=0x4000c00 ofld-O ofld-R
    npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=158/156, ipid=156/158, vlan=0x0000/0x0000
    vlifid=156/158, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=5/4
    total session 1   // the filter matches 1 session in total
    
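  3. Delete sessions

    To delete a specific session, set a filter first. If no filter is set, diagnose sys session clear clears all current sessions on the FortiGate, which causes a network outage.

    Set the filter conditions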
    # diagnose sys session filter proto 1
    # diagnose sys session filter src 192.168.1.10
    
    Check the filter conditions that were set
    # diagnose sys session filter 
    session filter:
            vd: any
            sintf: any
            dintf: any
            proto: 1-1
            proto-state: any
            source ip: 192.168.1.10-192.168.1.10
            NAT'd source ip: any
            dest ip: any
            source port: any
            NAT'd source port: any
            dest port: any
            policy id: any
            expire: any
            duration: any
            state1: any
    
    Check that the filtered sessions are the ones that need to be deleted
    # diagnose sys session list
    session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
    origin-shaper=
    reply-shaper=
    per_ip_shaper=
    class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
    state=may_dirty npu 
    statistic(bytes/packets/allow_err): org=168/2/1 reply=168/2/1 tuples=2
    tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
    orgin->sink: org pre->post, reply pre->post dev=13->14/14->13 gwy=192.168.2.10/192.168.1.10
    hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
    hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
    misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
    serial=00091df7 tos=ff/ff app_list=0 app=0 url_cat=0
    rpdb_link_id=00000000 ngfwid=n/a
    npu_state=0x4000c00 ofld-O ofld-R
    npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=158/156, ipid=156/158, vlan=0x0000/0x0000
    vlifid=156/158, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=5/4
    total session 1
    
    Once you have confirmed they are correct, run the command that deletes the sessions
    # diagnose sys session clear
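
The pre-clear verification in step 3 can be scripted against captured CLI output. The following is an added example, not part of the original page or any Fortinet tooling: the function names are hypothetical, the sample text is constructed in the format shown above, and only IPv4 sessions are handled.

```python
import re

# Constructed sample output in this page's format (trimmed); IPv4 only.
FILTER_SET = """session filter:
        vd: any
        proto: 1-1
        source ip: 192.168.1.10-192.168.1.10
        dest ip: any
"""
FILTER_EMPTY = """session filter:
        vd: any
        proto: any
        source ip: any
"""
SESSION_LIST = """session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0
hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
total session 1
"""

def active_criteria(filter_text):
    """Return the filter fields whose value is not 'any'."""
    fields = re.findall(r"^\s+([^:\n]+):\s*(\S+)\s*$", filter_text, re.M)
    return {k.strip(): v for k, v in fields if v != "any"}

def parse_sessions(list_text):
    """Extract proto, original-direction src/dst and policy id per session."""
    sessions = []
    for block in re.split(r"(?m)^(?=session info:)", list_text):
        proto = re.search(r"session info: proto=(\d+)", block)
        org = re.search(r"dir=org \S+ ([\d.]+):\d+->([\d.]+):\d+", block)
        pol = re.search(r"policy_id=(\d+)", block)
        if proto and org:
            sessions.append({"proto": int(proto.group(1)), "src": org.group(1),
                             "dst": org.group(2),
                             "policy": int(pol.group(1)) if pol else None})
    return sessions

def clear_is_safe(filter_text, list_text, src, proto):
    """Allow 'diagnose sys session clear' only for a narrowed, verified filter."""
    if not active_criteria(filter_text):
        return False, "filter is empty: clear would drop every session"
    sessions = parse_sessions(list_text)
    total = re.search(r"^total session (\d+)", list_text, re.M)
    if not sessions or not total or int(total.group(1)) != len(sessions):
        return False, "session list missing or truncated"
    stray = [s for s in sessions if s["src"] != src or s["proto"] != proto]
    return (not stray), (f"{len(stray)} unexpected session(s)" if stray else "ok")
```

Feed it the output of diagnose sys session filter and diagnose sys session list captured immediately before the clear; a False result means the filter or the matched sessions are not what was intended.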
    

Copyright © 2024 Fortinet Inc. All rights reserved. Powered by Fortinet TAC Team.
Page last revised: 2022-11-29 21:41:38
