Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiADC 8.0.0 CLI Reference
    8.0.0
    8.0.2
    8.0.1
    8.0.0
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    diagnose server-load-balance session

    diagnose server-load-balance session

    Use this command to filter and display the session table (current sessions).

    Syntax

    diagnose server-load-balance session filter {'<option>'|show|clear}

    diagnose server-load-balance session list

    diagnose server-load-balance session clear {l4|l7-http}

    filter

    Create, show, or clear session list filters.

    Use multiple commands to add filters to the filter list. For example, one command to add a source-ip filter and another to add a vs-name filter.

    Put the filter expression in single quotes.

    Filter options include:

    • source-ip—Single IP address or specify start and end addresses of a range.
    • source-port—Single port number or start and end port numbers of a range.
    • dest-ip—Single IP address or specify start and end addresses of a range.
    • dest-port—Single port number or start and end port numbers of a range.
    • trans-source-ip—Single IP address or specify start and end addresses of a range.
    • trans-source-port—Single port number or start and end port numbers of a range.
    • trans-dest-ip—Single IP address or specify start and end addresses of a range.
    • trans-dest-port—Single port number or start and end port numbers of a range.
    • type—Specify ipv4, ipv6, ipv4v6, or ipv6v4.
    • protocol—Specify tcp or udp.
    • vs-name—Specify a space-separated list of up to 8 virtual server configuration names.
    • rs-name—Specify a space-separated list of up to 8 real server configuration names.

    Note: For l7-http operations, sessions that do not establish a server-side connection (e.g., incomplete or early-stage httproxy sessions) may lack translated address information. As a result, filters that rely on fields such as trans-dest-ip or trans-source-port may not match these entries and will have no effect during the clear operation.

    list

    		 List matching sessions.

    clear

    Clear the list of matching sessions.

    Clear options include:

    • l4 — l4 (lowercase "L" four) is the abbreviated form of Layer 4. Use the l4 option to clear the Layer 4 session table.
    • l7-http — l7 (lowercase "L" seven) is the abbreviated form of Layer 7. Use this option to clear sessions for virtual servers handled by the httproxy engine, including HTTP, HTTPS, TCPS, and RDP. This operation targets the Layer 7 session table specifically.
      To prevent unintended disruption, always define filters using diagnose server-load-balance session filter before executing the clear operation.
      Note: Executing this command forcibly terminates matching connections, dropping any in-progress transactions. On systems with a large number of active sessions, the clearing process may introduce temporary delays or impact traffic forwarding as httproxy reinitializes session state. Use caution in live environments.

    Example

    FortiADC-VM # diagnose server-load-balance session filter 'source-ip 10.1.1.1 10.1.1.100'

    FortiADC-VM # diagnose server-load-balance session filter 'vs-name vs1 vs2'

    FortiADC-VM # diagnose server-load-balance session filter show

    filter=[flag:1000 type:0 protocol:0 service:0

    source ip range: :: - :: port range: 0 - 0

    dest ip range: :: - :: port range: 0 - 0

    trans source ip range: :: - :: port range: 0 - 0

    trans dest ip range: :: - :: port range: 0 - 0

    virtual server: vs1 vs2

    real server:]

    FortiADC-VM # diagnose server-load-balance session list

    client-ip/port virtual-server-ip/port local-ip/port real-server-ip/port protocol service state in-bytes out-bytes expire virtual-server-name real-server-name

    FortiADC-VM #

    Previous
    Next

    diagnose server-load-balance session

    diagnose server-load-balance session

    Use this command to filter and display the session table (current sessions).

    Syntax

    diagnose server-load-balance session filter {'<option>'|show|clear}

    diagnose server-load-balance session list

    diagnose server-load-balance session clear {l4|l7-http}

    filter

    Create, show, or clear session list filters.

    Use multiple commands to add filters to the filter list. For example, one command to add a source-ip filter and another to add a vs-name filter.

    Put the filter expression in single quotes.

    Filter options include:

    • source-ip—Single IP address or specify start and end addresses of a range.
    • source-port—Single port number or start and end port numbers of a range.
    • dest-ip—Single IP address or specify start and end addresses of a range.
    • dest-port—Single port number or start and end port numbers of a range.
    • trans-source-ip—Single IP address or specify start and end addresses of a range.
    • trans-source-port—Single port number or start and end port numbers of a range.
    • trans-dest-ip—Single IP address or specify start and end addresses of a range.
    • trans-dest-port—Single port number or start and end port numbers of a range.
    • type—Specify ipv4, ipv6, ipv4v6, or ipv6v4.
    • protocol—Specify tcp or udp.
    • vs-name—Specify a space-separated list of up to 8 virtual server configuration names.
    • rs-name—Specify a space-separated list of up to 8 real server configuration names.

    Note: For l7-http operations, sessions that do not establish a server-side connection (e.g., incomplete or early-stage httproxy sessions) may lack translated address information. As a result, filters that rely on fields such as trans-dest-ip or trans-source-port may not match these entries and will have no effect during the clear operation.

    list

    		 List matching sessions.

    clear

    Clear the list of matching sessions.

    Clear options include:

    • l4 — l4 (lowercase "L" four) is the abbreviated form of Layer 4. Use the l4 option to clear the Layer 4 session table.
    • l7-http — l7 (lowercase "L" seven) is the abbreviated form of Layer 7. Use this option to clear sessions for virtual servers handled by the httproxy engine, including HTTP, HTTPS, TCPS, and RDP. This operation targets the Layer 7 session table specifically.
      To prevent unintended disruption, always define filters using diagnose server-load-balance session filter before executing the clear operation.
      Note: Executing this command forcibly terminates matching connections, dropping any in-progress transactions. On systems with a large number of active sessions, the clearing process may introduce temporary delays or impact traffic forwarding as httproxy reinitializes session state. Use caution in live environments.

    Example

    FortiADC-VM # diagnose server-load-balance session filter 'source-ip 10.1.1.1 10.1.1.100'

    FortiADC-VM # diagnose server-load-balance session filter 'vs-name vs1 vs2'

    FortiADC-VM # diagnose server-load-balance session filter show

    filter=[flag:1000 type:0 protocol:0 service:0

    source ip range: :: - :: port range: 0 - 0

    dest ip range: :: - :: port range: 0 - 0

    trans source ip range: :: - :: port range: 0 - 0

    trans dest ip range: :: - :: port range: 0 - 0

    virtual server: vs1 vs2

    real server:]

    FortiADC-VM # diagnose server-load-balance session list

    client-ip/port virtual-server-ip/port local-ip/port real-server-ip/port protocol service state in-bytes out-bytes expire virtual-server-name real-server-name

    FortiADC-VM #

    Previous
    Next