The session has been altered (requires may-dirty). Session details are allowed to be altered. State: See the table below for a list of states and what is the meaning. When no COS is utilized the value is 255/255. Vlan_cos : Ingress COS values are displayed in the session output in the range 0-7/255, but admin COS values are displayed in the range 8-15/255 even though the value on the wire will be in the range 0-7. Helper: name of the utilized session helper. Policy_dir : 0 original direction | 1 reply direction. *shaper : the traffic shaper profile info (if traffic shaping is utilized). T imeout: an indicator of how long the session can stay open in the current state (value in seconds). Note: Even though UDP is a stateless protocol, the FortiGate still keeps track of 2 different 'states'.ĭuration : duration of the session (value in seconds).Į xpire: a countdown from the 'timeout' since the last packet passing via session (value in seconds). When a session is closed by both sides, FortiGate keeps that session in the session table for a few seconds more, to allow for any out-of-order packets that might arrive after the FIN/ACK packet. After the three-way handshake, the state value changes to 1. It changes to 3 when the SYN/ACK packet is received. For example, when FortiGate receives the SYN packet, the second digit is 2. The table above correlates the second-digit value with the different TCP session states. The second digit is the client-side state. If flow or proxy inspection is done, then the first digit will be different from 0. Note: proto_state is a 2-digit number because the FortiGate is a stateful firewall (keeps track of both directions of the session) proto_state=OR means the Original direction and the Reply direction.įor TCP, the first number (from left to right) is related to the server-side state and is 0 when the session is not subject to any inspection (flow or proxy). Proto_state: state of the session (depending on protocol) Serial=0161f3cf tos=ff/ff app_list=0 app=0 url_cat=0 Misc=0 policy_id=0 auth_info=0 chk_client_info=0 vd=0 To clear filtered sessions (or all sessions, if no session filter is set): This article provides an explanation of various fields of the FortiGate session table.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |