Let's see how to monitor for and clear a specific session.
Using the same flow from the last blog post, Logs and Debug, let's find the session and then clear it.
FG1 (VDOM1) # diagnose sys session filter clear
FG1 (VDOM1) # diagnose sys session filter src 192.168.250.50
FG1 (VDOM1) # diagnose sys session filter dst 192.168.100.220
FG1 (VDOM1) # diagnose sys session list
session info: proto=6 proto_state=01 duration=297 expire=3580 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00 log-start
statistic(bytes/packets/allow_err): org=3120/23/1 reply=4610/27/1 tuples=2
tx speed(Bps/kbps): 1/0 rx speed(Bps/kbps): 2/0
orgin->sink: org pre->post, reply pre->post dev=17->4/4->17 gwy=192.168.100.220/10.1.1.2
hook=pre dir=org act=noop 192.168.250.50:50224->192.168.100.220:22(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.100.220:22->192.168.250.50:50224(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=4 auth_info=0 chk_client_info=0 vd=0
serial=0002bc22 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000
dd_type=0 dd_mode=0
session info: proto=6 proto_state=01 duration=297 expire=3580 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty f00 log-start
statistic(bytes/packets/allow_err): org=3120/23/1 reply=4610/27/1 tuples=2
tx speed(Bps/kbps): 1/0 rx speed(Bps/kbps): 2/0
orgin->sink: org pre->post, reply pre->post dev=6->18/18->6 gwy=10.1.1.1/192.168.250.50
hook=pre dir=org act=noop 192.168.250.50:50224->192.168.100.220:22(0.0.0.0:0)
hook=post dir=reply act=noop 192.168.100.220:22->192.168.250.50:50224(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=1
serial=0002bc21 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000
dd_type=0 dd_mode=0
total session 2
FG1 (VDOM1) #
We can see 2 session entries for the flow because it passes through 2 VDOMs (vd=0 with policy_id=4 and vd=1 with policy_id=3).
Before we clear the session, let's see how many sessions we have in total:
FG1 (VDOM1) # diagnose sys session full-stat
session table: table_size=262144 max_depth=1 used=54
misc info: session_count=27 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/65536 removeable=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0
flush_work_num=0
TCP sessions:
6 in ESTABLISHED state
12 in SYN_SENT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000004
fqdn6_count=00000
Now we clear the session:
FG1 (VDOM1) # diagnose sys session clear
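Session clear clears the sessions that match the filter. With no filter set it clears all sessions, so confirm with the session list output that only the intended entries match before running it.
And finally check the full-stat sessions again. The count should be 2 less than before. In this capture the two cleared sessions show up as ESTABLISHED going from 6 to 4 and flush=1, while session_count itself rose from 27 to 29 as SYN_SENT went from 12 to 16.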
FG1 (VDOM1) # diagnose sys session full-stat
session table: table_size=262144 max_depth=1 used=58
misc info: session_count=29 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/65536 removeable=0
delete=0, flush=1, dev_down=0/0 ses_flush_filters=0
flush_work_num=0
TCP sessions:
4 in ESTABLISHED state
16 in SYN_SENT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=00000000
fqdn_count=00000004
fqdn6_count=00000000
And no more sessions match the filter.
FG1 (VDOM1) # diagnose sys session list
total session 0
FG1 (VDOM1) #
FG1 (VDOM1) # get system status | grep Version
Version: FortiGate-VM64 v6.0.9,build0335,200121 (GA)
Release Version Information: GA
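An added example (not from the original post, and not Fortinet code): a small Python parser for the diagnose sys session list output shown above. It checks that every listed session matches the intended source and destination before a clear is run, and shows which VDOM and policy carry each flow. The function names are hypothetical, the sample is trimmed from the two entries above, and only IPv4 tuples are handled.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from the post, trimmed to the lines parsed here.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=297 expire=3580 timeout=3600 use=4
hook=pre dir=org act=noop 192.168.250.50:50224->192.168.100.220:22(0.0.0.0:0)
misc=0 policy_id=4 auth_info=0 chk_client_info=0 vd=0
serial=0002bc22 tos=ff/ff app_list=0 app=0 url_cat=0
session info: proto=6 proto_state=01 duration=297 expire=3580 timeout=3600 use=4
hook=pre dir=org act=noop 192.168.250.50:50224->192.168.100.220:22(0.0.0.0:0)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=1
serial=0002bc21 tos=ff/ff app_list=0 app=0 url_cat=0
total session 2
"""

KV = re.compile(r"\b(proto|duration|expire|policy_id|vd|serial)=(\w+)")
ORG = re.compile(r"dir=org \S+ ([\d.]+):(\d+)->([\d.]+):(\d+)")  # IPv4 only (assumption)

def parse_sessions(text):
    """Split 'diagnose sys session list' output into one dict per session."""
    sessions, total = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("session info:"):
            sessions.append({})
        elif line.startswith("total session"):
            total = int(line.split()[-1])
        if sessions and line.startswith(("session info:", "misc=", "serial=")):
            sessions[-1].update(KV.findall(line))
        m = ORG.search(line)
        if m and sessions:  # keep the first original-direction tuple of the entry
            sessions[-1].setdefault("flow", (m[1], int(m[2]), m[3], int(m[4])))
    if total is not None and total != len(sessions):
        raise ValueError(f"parsed {len(sessions)} entries, device reported {total}")
    return sessions

def outside_filter(sessions, src, dst):
    """Sessions that do NOT match the intended src/dst; should be empty before a clear."""
    return [s for s in sessions if (s["flow"][0], s["flow"][2]) != (src, dst)]

def vdoms_per_flow(sessions):
    """Map each original-direction 4-tuple to the (vd, policy_id) pairs carrying it."""
    flows = defaultdict(list)
    for s in sessions:
        flows[s["flow"]].append((int(s["vd"]), int(s["policy_id"])))
    return dict(flows)
```

Saving the list output before the clear also leaves a record of the serial, policy and VDOM of each session that was removed.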