{"id":392,"date":"2013-12-09T12:26:47","date_gmt":"2013-12-09T11:26:47","guid":{"rendered":"http:\/\/janscholten.de\/blog\/?p=392"},"modified":"2013-12-09T12:26:47","modified_gmt":"2013-12-09T11:26:47","slug":"fortigate-firewall-debuggen-und-sessions-loeschen","status":"publish","type":"post","link":"https:\/\/janscholten.de\/blog\/2013\/12\/fortigate-firewall-debuggen-und-sessions-loeschen\/","title":{"rendered":"Fortigate: Debugging the firewall and clearing sessions"},"content":{"rendered":"<pre>\r\ndiag debug flow show console enable\r\ndiag debug flow filter addr &lt;IP-ADDR&gt;\r\ndiag debug enable\r\ndiag debug flow trace start 100\r\n<\/pre>\n<p>The above shows the next 100 flows in which the address &lt;IP-ADDR&gt; is involved.<\/p>\n<p>The filter can of course also be applied to other criteria:<\/p>\n<pre>\r\ndiagnose debug flow filter \r\naddr      IP address.\r\nclear     Clear filter.\r\ndaddr     Destination IP address.\r\ndport     Destination port.\r\nnegate    Inverse filter.\r\nport      port\r\nproto     Protocol number.\r\nsaddr     Source IP address.\r\nsport     Source port.\r\nvd        Index of virtual domain.\r\n<\/pre>\n<p>Note: sessions are cached, so if you want to see the session setup you may have to clear the existing sessions first. Here too, you can use a filter to clear only specific sessions instead of throwing away all of them:<br \/>\nhttp:\/\/kb.fortinet.com\/kb\/microsites\/microsite.do?cmd=displayKC&#038;externalId=FD31635<\/p>\n<pre>\r\ndiagnose sys session filter ?\r\nclear      clear session filter\r\ndport      dest port\r\ndst         dest ip address\r\nnegate    inverse filter\r\npolicy     policy id\r\nproto      protocol number\r\nsport      source port\r\nsrc         source ip address\r\nvd          index of virtual domain. 
-1 matches all\r\n<\/pre>\n<p>For example:<\/p>\n<pre>\r\ndiagnose sys session filter src 10.160.0.1  10.160.0.10\r\ndiagnose sys session filter dport 80  888\r\ndiagnose sys session filter\r\nsession filter:\r\n        vd: any\r\n        proto: any\r\n        source ip: 10.160.0.1-10.160.0.10\r\n        dest ip: any\r\n        source port: any\r\n        dest port: 80-888\r\n        policy id: any\r\n        expire: any\r\n        duration: any\r\n<\/pre>\n<p>With<\/p>\n<pre>\r\ndiagnose sys session list\r\n<\/pre>\n<p>you can see the sessions that match the filter, and with<\/p>\n<pre>\r\ndiagnose sys session clear\r\n<\/pre>\n<p>you clear the matched sessions.<\/p>\n<p>WARNING: without a filter, a clear throws away ALL sessions on the FGT.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>diag debug flow show console enable diag debug flow filter addr diag debug enable diag debug flow trace start 100 The above shows the next 100 flows in which the address is involved. The filter can of course also be applied to other criteria: diagnose debug flow filter addr IP address. clear Clear filter. daddr Destination IP address. 
&hellip; <a href=\"https:\/\/janscholten.de\/blog\/2013\/12\/fortigate-firewall-debuggen-und-sessions-loeschen\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Fortigate: Debugging the firewall and clearing sessions<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,7,28,12],"tags":[40,53],"class_list":["post-392","post","type-post","status-publish","format-standard","hentry","category-allgemein","category-erfahrungen","category-fortinet","category-job","tag-debug","tag-fortinet"],"_links":{"self":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/comments?post=392"}],"version-history":[{"count":3,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/392\/revisions"}],"predecessor-version":[{"id":395,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/posts\/392\/revisions\/395"}],"wp:attachment":[{"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/media?parent=392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/categories?post=392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/janscholten.de\/blog\/wp-json\/wp\/v2\/tags?post=392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}