Fortinet white logo
Fortinet white logo

Administration Guide

FortiView Sessions console

FortiView Sessions console

The FortiView Sessions console displays the top sessions by traffic source and can be used to end sessions.

This console has the greatest number of column options to choose from. To choose which columns you want to view, select the column settings cog at the far right of the columns and select your desired columns. They can then be clicked and dragged in the order that you wish them to appear.

Some of the columns available in FortiView are only available in All Sessions. For example, the Action column displays the type of response taken to a security event. This function can be used to review what sort of threats were detected, whether the connection was reset due to the detection of a possible threat, and so on. This would be useful to display alongside other columns such as the Source, Destination, and Bytes (Sent/Received) columns, as patterns or inconsistencies can be analyzed.

Similarly, there are a number of filters that are only available in All Sessions, one of which is Protocol. This allows you to display the protocol type associated with the selected session, for example, TCP, FTP, HTTP, HTTPS, and so on.

The FortiView Sessions console is useful when verifying open connections. For example, if you have a web browser open to browse the Fortinet website, you would expect a session entry from your computer on port 80 to the IP address for the Fortinet website. You can also use a session table to investigate why there are too many sessions for the FortiProxy unit to process.

You can also view the session data in the CLI.

To view session data using the CLI:
# diagnose sys session list

The session table output in the CLI is very large. You can use the supported filters in the CLI to show only the data you need.

To view session data with filters using the CLI:
# diagnose sys session filter {sintf | dintf | src | nsrc | dst | proto | sport | nport | dport | policy | clear}

FortiView Sessions console

FortiView Sessions console

The FortiView Sessions console displays the top sessions by traffic source and can be used to end sessions.

This console has the greatest number of column options to choose from. To choose which columns you want to view, select the column settings cog at the far right of the columns and select your desired columns. They can then be clicked and dragged in the order that you wish them to appear.

Some of the columns available in FortiView are only available in All Sessions. For example, the Action column displays the type of response taken to a security event. This function can be used to review what sort of threats were detected, whether the connection was reset due to the detection of a possible threat, and so on. This would be useful to display alongside other columns such as the Source, Destination, and Bytes (Sent/Received) columns, as patterns or inconsistencies can be analyzed.

Similarly, there are a number of filters that are only available in All Sessions, one of which is Protocol. This allows you to display the protocol type associated with the selected session, for example, TCP, FTP, HTTP, HTTPS, and so on.

The FortiView Sessions console is useful when verifying open connections. For example, if you have a web browser open to browse the Fortinet website, you would expect a session entry from your computer on port 80 to the IP address for the Fortinet website. You can also use a session table to investigate why there are too many sessions for the FortiProxy unit to process.

You can also view the session data in the CLI.

To view session data using the CLI:
# diagnose sys session list

The session table output in the CLI is very large. You can use the supported filters in the CLI to show only the data you need.

To view session data with filters using the CLI:
# diagnose sys session filter {sintf | dintf | src | nsrc | dst | proto | sport | nport | dport | policy | clear}