Technical Tip: How often to log 'NAT port is exhausted.' while NAT port is being constantly used

When FortiGates are already exhausted, all NAT ports with new sessions coming, creating sessions can be denied by FortiGates that increment 'clash' and write logs.

Writing every single log of 'NAT port is exhausted.' could be an extreme burden for FortiGates. So FortiGates write 10 lines every 7 to 8 seconds.

In this example, a FortiGate has only one SNAT IP, which can create 60,418 sessions.

1. Only 60,418 sessions are created. New sessions are denied due to the exhaustion of the NAT port. The value of 'clash' is on the rise.
   
   

2. Logs are written 10 lines every 7 to 8 seconds.

    

   

    

3. The log sample below shows only one line at a time for convenience.