Viewing and deleting session information
Use the filter to view and delete sessions.
Setting filter conditions
Both viewing and deleting a specific session require setting a filter first.
# diagnose sys session filter    // type ? after the command to list the filter conditions a session supports, such as source IP, destination IP and destination port
vd                Index of virtual domain. -1 matches all.
vd-name           Name of virtual domain. -1 or "any" matches all.
sintf             Source interface.
dintf             Destination interface.
src               Source IP address.
nsrc              NAT'd source ip address
dst               Destination IP address.
proto             Protocol number.
sport             Source port.
nport             NAT'd source port
dport             Destination port.
policy            Policy ID.
expire            expire
duration          duration
proto-state       Protocol state.
session-state1    Session state1.
session-state2    Session state2.
ext-src           Add a source address to the extended match list.
ext-dst           Add a destination address to the extended match list.
ext-src-negate    Add a source address to the negated extended match list.
ext-dst-negate    Add a destination address to the negated extended match list.
clear             Clear session filter.
negate            Inverse filter.

# diagnose sys session filter    // press Enter directly to show the current filter conditions
session filter:
    vd: any
    sintf: any
    dintf: any
    proto: any
    proto-state: any
    source ip: any
    NAT'd source ip: any
    dest ip: any
    source port: any
    NAT'd source port: any
    dest port: any
    policy id: any
    expire: any
    duration: any
    state1: any
    state2: any
Viewing sessions
To view a specific session, set a filter first. If no filter is set, diagnose sys session list lists every session currently on the FortiGate.
Set the filter conditions
# diagnose sys session filter proto 1
# diagnose sys session filter src 192.168.1.10

View the configured filter conditions
# diagnose sys session filter
session filter:
    vd: any
    sintf: any
    dintf: any
    proto: 1-1
    proto-state: any
    source ip: 192.168.1.10-192.168.1.10
    NAT'd source ip: any
    dest ip: any
    source port: any
    NAT'd source port: any
    dest port: any
    policy id: any
    expire: any
    duration: any
    state1: any

View the filtered sessions
# diagnose sys session list
session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty npu
statistic(bytes/packets/allow_err): org=168/2/1 reply=168/2/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=13->14/14->13 gwy=192.168.2.10/192.168.1.10
hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
serial=00091df7 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x4000c00 ofld-O ofld-R
npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=158/156, ipid=156/158, vlan=0x0000/0x0000
vlifid=156/158, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=5/4
total session 1    // the filtered sessions: 1 in total
Deleting sessions
To delete a specific session, set a filter first. If no filter is set, diagnose sys session clear clears every session currently on the FortiGate, which causes a network outage.
Set the filter conditions
# diagnose sys session filter proto 1
# diagnose sys session filter src 192.168.1.10

View the configured filter conditions
# diagnose sys session filter
session filter:
    vd: any
    sintf: any
    dintf: any
    proto: 1-1
    proto-state: any
    source ip: 192.168.1.10-192.168.1.10
    NAT'd source ip: any
    dest ip: any
    source port: any
    NAT'd source port: any
    dest port: any
    policy id: any
    expire: any
    duration: any
    state1: any

Check that the filtered sessions are the ones that should be deleted
# diagnose sys session list
session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty npu
statistic(bytes/packets/allow_err): org=168/2/1 reply=168/2/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=13->14/14->13 gwy=192.168.2.10/192.168.1.10
hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
serial=00091df7 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x4000c00 ofld-O ofld-R
npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=158/156, ipid=156/158, vlan=0x0000/0x0000
vlifid=156/158, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=5/4
total session 1

After confirming it is correct, run the command that deletes the sessions
# diagnose sys session clear
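The confirmation step above is the one that protects against clearing more than intended. The following is an added example, not code from the original page or from Fortinet: it parses saved output of diagnose sys session list in the format shown above and reports whether every listed session matches the intended source IP and protocol, so the operator only runs diagnose sys session clear when the filter is exactly as narrow as expected. The function names (parse_sessions, reported_total, safe_to_clear) and the sample output are constructed for this example.

```python
import re

# Constructed sample, modelled on the "diagnose sys session list" output shown
# above for the ICMP session from 192.168.1.10 (not a real device capture).
SAMPLE_OUTPUT = """session info: proto=1 proto_state=00 duration=1 expire=59 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
state=may_dirty npu
hook=pre dir=org act=noop 192.168.1.10:13898->192.168.2.10:8(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.2.10:13898->192.168.1.10:0(0.0.0.0:0)
misc=0 policy_id=8 pol_uuid_idx=520 auth_info=0 chk_client_info=0 vd=0
serial=00091df7 tos=ff/ff app_list=0 app=0 url_cat=0
total session 1
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
# Original-direction tuple: "hook=pre dir=org act=... SRC:SPORT->DST:DPORT("
ORG_RE = re.compile(r"hook=pre dir=org act=\S+ (\S+):(\d+)->(\S+):(\d+)\(")

def parse_sessions(text):
    """One dict per 'session info:' block: proto, policy_id, vd, serial, tuple."""
    sessions, cur = [], None
    for line in text.splitlines():
        if line.startswith("session info:"):
            cur = {}
            sessions.append(cur)
        if cur is None:  # ignore anything printed before the first session
            continue
        m = ORG_RE.search(line)
        if m:
            cur["src"], cur["dst"] = m.group(1), m.group(3)
            cur["sport"], cur["dport"] = int(m.group(2)), int(m.group(4))
            continue
        for k, v in KV_RE.findall(line):
            if k in ("proto", "policy_id", "vd"):
                cur[k] = int(v)
            elif k == "serial":
                cur[k] = v
    return sessions

def reported_total(text):
    """The 'total session N' count the device prints at the end of the listing."""
    m = re.search(r"^total session (\d+)", text, re.M)
    return int(m.group(1)) if m else None

def safe_to_clear(text, src, proto):
    """True only if every listed session has the intended source IP and protocol
    and the count matches the reported total; otherwise the filter is too wide."""
    sessions = parse_sessions(text)
    if not sessions or reported_total(text) != len(sessions):
        return False
    return all(s.get("src") == src and s.get("proto") == proto for s in sessions)
```

A False result means a session outside the target (for example one from another source IP) is still caught by the filter and would also be dropped by the clear command; the clear keyword listed under the filter help above resets the filter once the work is done.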