Fortinet black logo

CLI Reference

set system session filter

set system session filter

Use these commands to define the session filter for get system session commands.

Syntax

To clear filter settings
execute set system session filter clear all  Clear session filter.

execute set system session filter clear dport  Clear destination port.

execute set system session filter clear dst  Clear destination IP.

execute set system session filter clear duration  Clear duration.

execute set system session filter clear expire  Clear expire.

execute set system session filter clear policy  Clear policy ID.

execute set system session filter clear proto  Clear protocol.

execute set system session filter clear sport  Clear source port.

execute set system session filter clear src  Clear source IP.

execute set system session filter clear vd  Clear virtual domain.

To specify the destination port
execute set system session filter dport  Destination port.
        {xxxx}   <0-65535> (from).
            {xxxx}   <0-65535> (to).

To specify destination IP address
execute set system session filter dst  Destination IP address.
        {xxx.xxx.xxx.xxx}   Destination IP (from).
            {xxx.xxx.xxx.xxx}   Destination IP (to).

To specify duration
execute set system session filter duration  duration
        {xxx}   Duration (from).
            {xxx}   Duration (to).

To specify expiry
execute set system session filter expire  expire
        {xxx}   Expire (from).
            {xxx}   Expire (to).

To list the filter settings
execute set system session filter list  List system session filter.

To invert (or negate) filter settings
execute set system session filter negate dport  Inverse destination port.

execute set system session filter negate dst  Inverse destination IP.

execute set system session filter negate duration  Inverse duration.

execute set system session filter negate expire  Inverse expire.

execute set system session filter negate policy  Inverse policy ID.

execute set system session filter negate proto  Inverse protocol.

execute set system session filter negate sport  Inverse source port.

execute set system session filter negate src  Inverse source IP.

execute set system session filter negate vd  Inverse virtual domain.

To specify firewall policy ID
execute set system session filter policy  Policy ID.
        {xxx}   Policy ID (from).
            {xxx}   Policy ID (to).

To specify protocol
execute set system session filter proto  Protocol number.
        {xx}   <0-255> (from).
            {xx}   <0-255> (to).

To specify source port
execute set system session filter sport  Source port.
        {xxxx}   <0-65535> (from).
            {xxxx}   <0-65535> (to).

To specify source IP address
execute set system session filter src  Source IP address.
        {xxx.xxx.xxx.xxx}   Source IP (from).
            {xxx.xxx.xxx.xxx}   Source IP (to).

To specify virtual domain
execute set system session filter vd  Index of virtual domain. -1 matches all.
        {xxx}   Index of virtual domain. -1 matches all.

set system session filter

Use these commands to define the session filter for get system session commands.

Syntax

To clear filter settings
execute set system session filter clear all  Clear session filter.

execute set system session filter clear dport  Clear destination port.

execute set system session filter clear dst  Clear destination IP.

execute set system session filter clear duration  Clear duration.

execute set system session filter clear expire  Clear expire.

execute set system session filter clear policy  Clear policy ID.

execute set system session filter clear proto  Clear protocol.

execute set system session filter clear sport  Clear source port.

execute set system session filter clear src  Clear source IP.

execute set system session filter clear vd  Clear virtual domain.

To specify the destination port
execute set system session filter dport  Destination port.
        {xxxx}   <0-65535> (from).
            {xxxx}   <0-65535> (to).

To specify destination IP address
execute set system session filter dst  Destination IP address.
        {xxx.xxx.xxx.xxx}   Destination IP (from).
            {xxx.xxx.xxx.xxx}   Destination IP (to).

To specify duration
execute set system session filter duration  duration
        {xxx}   Duration (from).
            {xxx}   Duration (to).

To specify expiry
execute set system session filter expire  expire
        {xxx}   Expire (from).
            {xxx}   Expire (to).

To list the filter settings
execute set system session filter list  List system session filter.

To invert (or negate) filter settings
execute set system session filter negate dport  Inverse destination port.

execute set system session filter negate dst  Inverse destination IP.

execute set system session filter negate duration  Inverse duration.

execute set system session filter negate expire  Inverse expire.

execute set system session filter negate policy  Inverse policy ID.

execute set system session filter negate proto  Inverse protocol.

execute set system session filter negate sport  Inverse source port.

execute set system session filter negate src  Inverse source IP.

execute set system session filter negate vd  Inverse virtual domain.

To specify firewall policy ID
execute set system session filter policy  Policy ID.
        {xxx}   Policy ID (from).
            {xxx}   Policy ID (to).

To specify protocol
execute set system session filter proto  Protocol number.
        {xx}   <0-255> (from).
            {xx}   <0-255> (to).

To specify source port
execute set system session filter sport  Source port.
        {xxxx}   <0-65535> (from).
            {xxxx}   <0-65535> (to).

To specify source IP address
execute set system session filter src  Source IP address.
        {xxx.xxx.xxx.xxx}   Source IP (from).
            {xxx.xxx.xxx.xxx}   Source IP (to).

To specify virtual domain
execute set system session filter vd  Index of virtual domain. -1 matches all.
        {xxx}   Index of virtual domain. -1 matches all.