ICMP (proto 1).
Note: There are no states for ICMP. It always shows proto_state=00.
TCP (proto 6)
UDP (proto 17)
SCTP (proto 132)
State
bash
To display the session table:
diagnose sys session list
To set up a session filter:
diagnose sys session filter <options>
clear clear session filter
dport dest port
dst dest ip address
duration duration
expire expire
negate inverse filter
policy policy id
proto protocol number
sport source port
src source ip address
vd index of virtual domain. -1 matches all
Starting with FortiOS versions 7.2.x and above, more filters will be visible:
di sys session filter ? <- Use '?' after 'filter' in this command to list all filter options.
vd Index of virtual domain. -1 matches all.
vd-name Name of virtual domain. -1 or "any" matches all.
sintf Source interface.
dintf Destination interface.
src Source IP address.
nsrc NAT'd source ip address
dst Destination IP address.
proto Protocol number.
sport Source port.
nport NAT'd source port
dport Destination port.
policy Policy ID.
expire expire
duration duration
proto-state Protocol state.
session-state1 Session state1.
session-state2 Session state2.
ext-src Add a source address to the extended match list.
ext-dst Add a destination address to the extended match list.
ext-src-negate Add a source address to the negated extended match list.
ext-dst-negate Add a destination address to the negated extended match list.
clear Clear session filter.
negate Inverse filter.TCP,状态ESTABLISHED
bash
Example of session table entry:
session info: proto=6 proto_state=01 duration=142250 expire=3596 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ helper=rsh vlan_cos=255/255
state=local
statistic(bytes/packets/allow_err): org=9376719/61304/1 reply=3930213/32743/1 tuples=2
tx speed(Bps/kbps): 65/0 rx speed(Bps/kbps): 27/0
orgin->sink: org out->post, reply pre->in dev=13->0/0->13 gwy=0.0.0.0/10.5.27.238
hook=out dir=org act=noop 10.5.27.238:16844->173.243.132.165:514(0.0.0.0:0)
hook=in dir=reply act=noop 173.243.132.165:514->10.5.27.238:16844(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=0 auth_info=0 chk_client_info=0 vd=0
serial=0161f3cf tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000
dd_type=0 dd_mode=0
proto: protocol number
proto_state: state of the session (depending on protocol)
bash
dev: an interface index can be obtained via 'diagnose netlink interface list':
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
NAT information:
hook=out dir=org act=noop 10.5.27.238:16844->173.243.132.165:514(20.30.40.50:20000)
hook=in dir=reply act=noop 173.243.132.165:514->20.30.40.50:20000(10.5.27.238:16844)
LEGEND: <source_IP>:<source_port>-><destination_IP>:<destination_port>(<NAT_IP>:<NAT_port>).
When applying SNAT, NAT information overwrites the <source_IP>:<source_port>.
When applying DNAT, NAT information overwrites the <destination_IP>:<destination_port>.
policy_id: policy ID, which is utilized for the traffic.
auth_info: indicates if the session holds any authentication data (1) or not (0).
vd: VDOM index can be obtained via 'diagnose sys vd list':
name=root/root index=0 enabled use=237 rt_num=144 asym_rt=0 sip_helper=1, sip_nat_trace=1, mc_fwd=1, mc_ttl_nc=0, tpmc_sk_pl=0
serial: unique session identifier.
tos:
The policy has tos/dscp configured to override this value on a packet.
A proxy-based feature is enabled and it is necessary to preserve the tos/dscp on packets in the flow by caching the tos/dscp on the kernel session from the original packet and then setting it on any subsequent packets that are generated by the proxy.
app: application ID.
url_cat: See the following table: