how to use a fortigate firewall

Filtering Sessions on a FortiGate Firewall

To view filtered sessions in the Fortinet Command Line interface (CLI) on a FortiGate firewall, you can use the “diagnose sys session list” command after you apply the filtering options you would like to use.

  1. Access the FortiGate CLI over SSH or a console connection, using a client such as PuTTY or the Windows terminal.
  2. Log in with your administrator credentials.
  3. Use the “diagnose sys session filter” command with the desired filtering options. For example, to filter sessions sourced from 192.168.1.10:
diagnose sys session filter src 192.168.1.10
  4. After applying the filter, use the “diagnose sys session list” command to view the filtered sessions:
diagnose sys session list

This command will display the list of sessions that match your specified filtering criteria.

The output may be quite large, depending on the number of sessions matching the filter, but thankfully you can use additional options with the “diagnose sys session list” command to customize the output, like specifying the number of sessions to display or filtering based on specific session states.

Here is an example that limits the number of displayed sessions to 100:

diagnose sys session list | head -n 100

Now let’s filter for sessions that are currently in an established state.

diagnose sys session list | grep "ESTABLISHED"

Please remember that the CLI is case-sensitive, so you will need to enter the filtering parameters exactly to get accurate results.

Now that we have found the sessions we might want to clear, let’s run the command below to clear the pesky connections. Remember that running this command without any filters applied will clear all sessions currently open on the FortiGate unit, so BE CAREFUL!

diagnose sys session clear
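Before clearing anything, it is worth checking offline that the filter really selected only the sessions you meant. The session list encodes TCP state as a proto_state code (01 is ESTABLISHED) rather than the word itself, so the script below, an added example that is not part of the original post, parses saved `diagnose sys session list` output, applies the same source filter as the CLI, and narrows it to established TCP sessions. The sample output is constructed in the list's format, not captured from a real unit.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of `diagnose sys session list`, trimmed to the lines
# this parser reads (not captured from a real unit). Addresses are documentation ranges.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=42 expire=3558 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 192.168.1.10:51234->203.0.113.20:443(198.51.100.5:51234)
hook=pre dir=reply act=dnat 203.0.113.20:443->198.51.100.5:51234(192.168.1.10:51234)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0
session info: proto=6 proto_state=02 duration=3 expire=7 timeout=10 flags=00000000 use=3
hook=post dir=org act=snat 192.168.1.10:51240->203.0.113.21:80(198.51.100.5:51240)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0
session info: proto=17 proto_state=01 duration=5 expire=175 timeout=180 flags=00000000 use=3
hook=post dir=org act=noop 192.168.1.25:5353->192.168.1.1:53(0.0.0.0:0)
misc=0 policy_id=2 auth_info=0 chk_client_info=0 vd=0
total session 3
"""

# proto_state codes the session list shows for TCP (proto=6); UDP uses 00/01 for one-way/replied.
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT",
              "05": "TIME_WAIT", "06": "CLOSE", "07": "CLOSE_WAIT", "08": "LAST_ACK", "09": "LISTEN"}

@dataclass
class Session:
    proto: int
    proto_state: str
    src: str
    dst: str
    dport: int
    policy_id: int

    @property
    def state(self) -> str:
        # Only TCP has named states; other protocols keep the raw code.
        if self.proto != 6:
            return f"proto_state={self.proto_state}"
        return TCP_STATES.get(self.proto_state, f"proto_state={self.proto_state}")

# Original-direction hook line: "dir=org act=... SRC:PORT->DST:PORT(...)"
FLOW_RE = re.compile(r"dir=org .*? (\d+\.\d+\.\d+\.\d+):\d+->(\d+\.\d+\.\d+\.\d+):(\d+)")

def parse_sessions(text: str) -> list:
    sessions = []
    for block in text.split("session info:")[1:]:   # one block per session
        fields = dict(re.findall(r"(\w+)=(\S+)", block))
        flow = FLOW_RE.search(block)
        if flow is None:            # no original-direction line: skip rather than guess
            continue
        sessions.append(Session(int(fields["proto"]), fields["proto_state"], flow.group(1),
                                flow.group(2), int(flow.group(3)), int(fields["policy_id"])))
    return sessions

def select_sessions(sessions, src=None, established=False):
    # Same selection as `diagnose sys session filter src`, plus an established-only TCP check.
    return [s for s in sessions if (src is None or s.src == src)
            and (not established or (s.proto == 6 and s.proto_state == "01"))]
```

Reviewing the selected sessions' destination, port and policy_id this way shows exactly what `diagnose sys session clear` would remove under the active filter.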

Thanks for reading and please check out our YouTube channel for more content.