Fortigate offers a session count thru the gui, but it's not as flexible as what you can do from the command line. The cli provides more flexibility, and in fact ; you can filter option in the webgui, but it's not as quick nor easy to deploy.
If you need to quickly change filters, the cli is the best means.
( samples of the webGui session details )
The diag system session or session6 command, provides either the ipv4 or ipv6 sessions stats. With this command you can filter by a host of parameters. This allows you to zoom into the sessions types that you might have interests in.
here's those parameters;
As you can see from the above, we have a host of parameters. In the case of the output above, I'm filtering for icmp ( protocol #1 )
A simple ping to my wan2 interface after allowance for ping, will display the session(s) with the above filter.
Filtering on sessions in this manner, allows for quick diagnostics of the total sessions & helps with quickly identifying states within your fortigate firewall.
You should get use to applying and clearing filters in your everyday monitoring , and trouble-shooting activities.
To wrap up, the flexibility in the filter is amazing and with creativity, you can filter on a host fields. In this last snapshot; " here's a filter using just the policyID"
( I highlighted some key items )
The session filters along with diag debug flow, are two of the most important diagnostic commands that we have. These commands, make the life of diagnostic for fortigate series firewalls, much easier. They are simple to deploy provide more details than most other brands ( cisco ASA, Juniper NS/SRX ) and the information is very useful.
Freelance Network/Security Engineer
kfelix at hyperfeed .....dot....com
=( * * )=