
(FortiGate) Filtering specific sessions on a Fortinet firewall and clearing them

Time: 2018-02-01 10:38:16



FG600D3918701304 # diagnose sys  session filter    (set the filter conditions)
vd                Index of virtual domain. -1 matches all.
sintf             Source interface.
dintf             Destination interface.
src               Source IP address.
nsrc              NAT'd source ip address
dst               Destination IP address.
proto             Protocol number.
sport             Source port.
nport             NAT'd source port
dport             Destination port.
policy            Policy ID.
expire            expire
duration          duration
proto-state       Protocol state.
session-state1    Session state1.
session-state2    Session state2.
clear             Clear session filter.
negate            Inverse filter.


FG600D3918701304 # diagnose sys  session filter src 10.10.10.1    (set the filter condition to source address 10.10.10.1)

FG600D3918701304 # diagnose sys session list    (list the sessions that match the filter)

session info: proto=17 proto_state=01 duration=18 expire=161 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255
state=redir log local may_dirty nlb none
statistic(bytes/packets/allow_err): org=55/1/1 reply=71/1/1 tuples=3
tx speed(Bps/kbps): 2/0 rx speed(Bps/kbps): 3/0
orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1
hook=post dir=org act=snat 10.10.10.1:54831->223.5.5.5:53(113.102.131.230:54831)
hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:54831(10.10.10.1:54831)
hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:54831(0.0.0.0:0)
misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0
serial=012ee90e tos=40/40 app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040400
no_ofld_reason:  redir-to-av non-npu-intf

session info: proto=17 proto_state=01 duration=9 expire=170 timeout=0 flags=00000000 sockflag=00000000 sockport=7900 av_idx=0 use=6
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 policy_dir=0 tunnel=/ helper=dns-udp vlan_cos=0/255
state=redir log local may_dirty nlb none
statistic(bytes/packets/allow_err): org=71/1/1 reply=148/1/1 tuples=3
tx speed(Bps/kbps): 7/0 rx speed(Bps/kbps): 15/0
orgin->sink: org pre->post, reply pre->post dev=18->54/54->18 gwy=113.102.128.1/10.10.10.1
hook=post dir=org act=snat 10.10.10.1:56119->223.5.5.5:53(113.102.131.230:56119)
hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:56119(10.10.10.1:56119)
hook=post dir=reply act=noop 223.5.5.5:53->10.10.10.1:56119(0.0.0.0:0)
misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0
serial=012eedd7 tos=40/40 app_list=0 app=0 url_cat=0
dd_type=0 dd_mode=0
npu_state=0x040400
no_ofld_reason:  redir-to-av non-npu-intf

......


FG600D3918701304 # diagnose sys session clear    (clear all sessions that match the filter)

FG600D3918701304 # diagnose sys session list    (list the sessions that match the filter again)
total session 0    (session count is now 0)

FG600D3918701304 # diagnose sys session filter clear    (clear the filter conditions that were set)
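The filter keys and the session records shown above, worked through as an added example that is not part of the original post or of FortiOS: a small Python parser for `diagnose sys session list` output that extracts each record's fields and NAT hook tuples, then applies the same filter keys (src, dst, sport, dport, proto, policy) offline, so a saved session dump can be checked for exactly which sessions a `diagnose sys session clear` would remove before it is run. The sample records are constructed (the first abridged from the page, the second made up), and matching against the pre-NAT tuple of the original direction is this example's own simplification of the appliance's filter.

```python
import re

# Constructed sample in the format printed by "diagnose sys session list":
# record 1 is abridged from the page, record 2 is made up for contrast.
SAMPLE = """\
session info: proto=17 proto_state=01 duration=18 expire=161 timeout=0 use=6
hook=post dir=org act=snat 10.10.10.1:54831->223.5.5.5:53(113.102.131.230:54831)
hook=pre dir=reply act=dnat 223.5.5.5:53->113.102.131.230:54831(10.10.10.1:54831)
misc=0 policy_id=47 auth_info=0 chk_client_info=0 vd=0
serial=012ee90e tos=40/40 app_list=0 app=0 url_cat=0
session info: proto=6 proto_state=01 duration=300 expire=3599 timeout=3600 use=3
hook=post dir=org act=snat 10.10.10.1:40000->203.0.113.10:443(113.102.131.230:40000)
hook=pre dir=reply act=dnat 203.0.113.10:443->113.102.131.230:40000(10.10.10.1:40000)
misc=0 policy_id=12 auth_info=0 chk_client_info=0 vd=0
serial=012ef001 tos=40/40 app_list=0 app=0 url_cat=0
"""

# hook=<hook> dir=<dir> act=<act> src:sport->dst:dport(nat_ip:nat_port)
HOOK_RE = re.compile(r"hook=(\w+) dir=(\w+) act=(\w+) "
                     r"([\d.]+):(\d+)->([\d.]+):(\d+)\(([\d.]+):(\d+)\)")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_sessions(text):
    """Return one dict per record: key=value fields plus the parsed hook tuples."""
    sessions = []
    for block in text.split("session info:")[1:]:  # [1:] drops any preamble
        rec = {"hooks": []}
        for line in block.splitlines():
            m = HOOK_RE.match(line)
            if m:
                hook, d, act, sip, sp, dip, dp, nip, np_ = m.groups()
                rec["hooks"].append(dict(hook=hook, dir=d, act=act, src=sip, sport=int(sp),
                                         dst=dip, dport=int(dp), nat=(nip, int(np_))))
            else:
                for key, val in KV_RE.findall(line):
                    rec.setdefault(key, val)  # first occurrence wins (e.g. proto)
        sessions.append(rec)
    return sessions

def match_filter(sessions, **criteria):
    """Apply filter keys (src, dst, sport, dport, proto, policy) to the pre-NAT original-direction tuple; return matching serials."""
    hits = []
    for s in sessions:
        org = next((h for h in s["hooks"] if h["dir"] == "org"), None)
        if org is None:
            continue
        view = {"src": org["src"], "dst": org["dst"], "sport": org["sport"],
                "dport": org["dport"], "proto": int(s["proto"]), "policy": int(s["policy_id"])}
        if all(view[k] == v for k, v in criteria.items()):
            hits.append(s["serial"])
    return hits
```

Running `match_filter(parse_sessions(dump), src="10.10.10.1")` on a saved dump reproduces the page's filter and lists the serials that the clear step would drop, which is the review a defender wants before clearing sessions on a production firewall.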


Original source: http://blog.51cto.com/abnerhuang/2067585
