Environment:
FortiOS version: after 6.0
FortiGate session management:
Display the session table:
diagnose sys session list
Set a session filter:
Sessions can be looked up by filter conditions; several commonly used options are listed below.
diagnose sys session filter <options>
sintf Source interface.
dintf Destination interface.
src Source IP address.
nsrc NAT’d source ip address
dst Destination IP address.
proto Protocol number.
sport Source port.
nport NAT’d source port
dport Destination port.
policy Policy ID.
Clear the sessions matching the filter, or all sessions if no session filter is set:
diagnose sys session clear
Session timeout settings:
Global and port-based timeout settings
config system session-ttl
set default 3600 # global timeout; the unit is seconds and the default is 3600 seconds
config port # port-based timeout settings
edit 1
set protocol 6
set timeout 3700
set start-port 443
set end-port 443
end
end
Service-based timeout settings
config firewall service custom
edit 10443
set tcp-portrange 10443
set session-ttl 3600
end
Policy-based timeout settings
config firewall policy
edit 100
set session-ttl 3600
end
No session timeout (supported in FortiOS 6.4 and later)
config system session-ttl
set default never
config port
edit 1
set protocol 6
set timeout never
set start-port 443
set end-port 443
end
end
config firewall service custom
edit 10443
set tcp-portrange 10443
set session-ttl never
end
config firewall policy
edit 100
set session-ttl never
end
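An added example (not from the original page or from Fortinet): a small Python audit that walks FortiOS configuration text in the form shown above and lists every session TTL setting by scope (global default, port range, service, policy), so the entries set to never can be reviewed. The function names and the sample configuration, including policy 101, are assumptions constructed for illustration.

```python
# Constructed sample: the "never" blocks from this page (trimmed) plus one numeric policy TTL.
SAMPLE_CONFIG = """\
config system session-ttl
set default never
config port
edit 1
set protocol 6
set timeout never
end
end
config firewall service custom
edit 10443
set tcp-portrange 10443
set session-ttl never
end
config firewall policy
edit 100
set session-ttl never
next
edit 101
set session-ttl 3600
end
"""

def audit_session_ttl(config_text):
    """Return (scope, entry, key, value) for each session TTL setting found."""
    findings, stack, entry = [], [], None   # stack = open "config" sections
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop "#" annotations as used on this page
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "edit" and len(words) > 1:
            entry = words[1].strip('"')
        elif words[0] in ("next", "end"):      # both close the current entry
            entry = None
            if words[0] == "end" and stack:    # "end" also closes the section
                stack.pop()
        elif words[0] == "set" and len(words) >= 3:
            in_ttl = bool(stack) and stack[0] == "system session-ttl"
            if words[1] == "session-ttl" or (in_ttl and words[1] in ("default", "timeout")):
                findings.append((" / ".join(stack), entry, words[1], words[2]))
    return findings

def never_expiring(findings):
    return [f for f in findings if f[3] == "never"]
```

Calling never_expiring(audit_session_ttl(text)) on an exported configuration returns the scopes whose sessions do not time out.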