Monday, July 25, 2016

How to find long-winded sessions on a FortiGate

When working with firewall policies and testing new applications, it's proper to use the diagnose sys session command from the CLI.

In some cases, you might have a new application that needs close monitoring, or you may want to validate that sessions are indeed up and have been up for an extended time.

By using the filter option with the diagnose sys session command, you can find those sessions, and with other attributes (src, dst, port, policy ID) you can confirm or rule out issues that might be driven by the firewall or the applications.

e.g.

The above has a filter option for 900-24400 seconds, and any traffic that matches that duration would be presented.




You can set other values to drill in on traffic of interest.
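As an added example (not from the original post): once session list output has been saved to a text file, a short Python script can pull out the sessions in the 900-24400 second window together with their src, dst, port and policy ID. The sample output is constructed and abbreviated, and the field layout (duration=, the dir=org tuple, policy_id=) is an assumption to check against your FortiOS build.

```python
import re

# Constructed, abbreviated sample of saved `diagnose sys session list` output.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=1820 expire=3412 timeout=3600 flags=00000000
hook=post dir=org act=snat 10.10.1.25:51514->198.51.100.20:1521(203.0.113.2:51514)
hook=pre dir=reply act=dnat 198.51.100.20:1521->203.0.113.2:51514(10.10.1.25:51514)
misc=0 policy_id=12 auth_info=0 chk_client_info=0 vd=0

session info: proto=6 proto_state=01 duration=42 expire=3590 timeout=3600 flags=00000000
hook=pre dir=org act=noop 10.10.1.30:40022->198.51.100.21:443(0.0.0.0:0)
misc=0 policy_id=7 auth_info=0 chk_client_info=0 vd=0

session info: proto=17 proto_state=00 duration=30500 expire=170 timeout=180 flags=00000000
hook=pre dir=org act=noop 10.10.1.40:5060->198.51.100.22:5060(0.0.0.0:0)
misc=0 policy_id=9 auth_info=0 chk_client_info=0 vd=0
"""

# Assumed field layout of one session record (see lead-in).
INFO = re.compile(r"^session info: proto=(\d+) .*?\bduration=(\d+)\b")
ORG = re.compile(r"\bdir=org\b.*? (\S+):(\d+)->(\S+):(\d+)\(")
POLICY = re.compile(r"\bpolicy_id=(\d+)\b")

def long_sessions(text, low=900, high=24400):
    """Return sessions whose duration (seconds) is within [low, high], longest first."""
    sessions, cur = [], None
    for line in text.splitlines():
        if m := INFO.match(line):
            # A "session info:" line starts a new record.
            cur = {"proto": int(m[1]), "duration": int(m[2])}
            sessions.append(cur)
        elif cur is None:
            continue  # ignore anything before the first session record
        elif "src" not in cur and (m := ORG.search(line)):
            # Original-direction tuple: who opened the session and to what port.
            cur.update(src=m[1], sport=int(m[2]), dst=m[3], dport=int(m[4]))
        elif m := POLICY.search(line):
            cur["policy_id"] = int(m[1])
    hits = [s for s in sessions if low <= s["duration"] <= high]
    return sorted(hits, key=lambda s: s["duration"], reverse=True)

if __name__ == "__main__":
    for s in long_sessions(SAMPLE):
        print(s)
```
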




Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \

