How to find which security policy a specific connection is using
Every program and device on your network must have a communication channel, or session, open to pass information. The FortiGate unit manages these sessions with its many features, from traffic shaping to antivirus scanning to blocking known bad web sites. Each session has an entry in the session table. In the web-based manager, you can use the Session Monitor or Top Session Dashboard to view session information.
You may want to find information for a specific session, such as a secure web browser session, for troubleshooting. For example, if that web browser session is not working properly, you can check the session table to ensure the session is still active and that it is going to the proper address. The session table also shows the number of the security policy the session matches, so you can check what is happening in that policy.
1. Know your connection information.
You need to be able to identify the session you want. For this you need the source IP address (usually your computer), the destination IP address if you have it, and the port number, which is determined by the program being used. Some common ports are:
port 80 (HTTP for web browsing)
port 22 (SSH used for secure login and file transfers)
port 23 (telnet for a text connection)
port 443 (HTTPS for secure web browsing)
2. Find your session and policy ID.
Go to System > Dashboard > Top Sources to open the session table monitor. Find your session by its source IP address, destination IP address if you have it, and port number. The policy ID is listed after the destination information. If the list of sessions is very long, you can filter the list to make it easier to find your session.
3. When there are many sessions, use a filter to help you find your session.
If there are multiple pages of sessions, it is difficult to find a single session. To help you in your search, you can use a filter to hide the sessions that you don't want. Select the filter icon next to Src Address. In the window that pops up, enter your source IP address and select Apply. Now only sessions that originate from your IP address will be displayed in the session table. If the list is still too long, you can do the same for the Src port. That will make it easy to find your session and the security policy ID. When you are finished, remember to clear the filters.
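The same lookup can be done offline against a saved text dump of the session table. The following is an added example, not part of the original documentation: it assumes the dump comes from the FortiOS CLI command `diagnose sys session list`, and it uses a constructed, shortened sample with made-up addresses and policy IDs. The function names are hypothetical, and the port filter is applied to the destination (service) port from step 1.

```python
import re

# Constructed sample, modelled on the layout of FortiOS CLI session-table
# output (`diagnose sys session list`); shortened, all values are made up.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=142 expire=3597 timeout=3600
hook=post dir=org act=snat 10.1.1.5:51234->93.184.216.34:443(172.20.120.1:51234)
hook=pre dir=reply act=dnat 93.184.216.34:443->172.20.120.1:51234(10.1.1.5:51234)
misc=0 policy_id=4 auth_info=0 chk_client_info=0 vd=0

session info: proto=6 proto_state=01 duration=9 expire=3590 timeout=3600
hook=post dir=org act=snat 10.1.1.5:51300->198.51.100.7:22(172.20.120.1:51300)
hook=pre dir=reply act=dnat 198.51.100.7:22->172.20.120.1:51300(10.1.1.5:51300)
misc=0 policy_id=7 auth_info=0 chk_client_info=0 vd=0

session info: proto=6 proto_state=01 duration=30 expire=3570 timeout=3600
hook=pre dir=org act=noop 10.1.1.9:40022->93.184.216.34:443(0.0.0.0:0)
hook=post dir=reply act=noop 93.184.216.34:443->10.1.1.9:40022(0.0.0.0:0)
misc=0 policy_id=4 auth_info=0 chk_client_info=0 vd=0
"""

# Original-direction tuple (client -> server) and the matched policy number.
ORG = re.compile(r"dir=org\s+act=\S+\s+([\d.]+):(\d+)->([\d.]+):(\d+)")
POLICY = re.compile(r"\bpolicy_id=(\d+)")

def parse_sessions(text):
    """Split the dump into per-session records and extract src/dst/ports/policy."""
    sessions = []
    for block in re.split(r"(?m)^(?=session info:)", text):
        org, pol = ORG.search(block), POLICY.search(block)
        if not (org and pol):
            continue  # skip empty or incomplete records
        src, sport, dst, dport = org.groups()
        sessions.append({"src": src, "sport": int(sport), "dst": dst,
                         "dport": int(dport), "policy_id": int(pol.group(1))})
    return sessions

def find_policy(sessions, src, dport, dst=None):
    """Filter like the GUI: source address and port, destination if known."""
    return sorted({s["policy_id"] for s in sessions
                   if s["src"] == src and s["dport"] == dport
                   and (dst is None or s["dst"] == dst)})

if __name__ == "__main__":
    print(find_policy(parse_sessions(SAMPLE), "10.1.1.5", 443))
```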