johnathan
Staff
June 10, 2025

Technical Tip: How to check the maximum number of ephemeral sessions per model

Description

This article describes how to check the limit of ephemeral sessions per model.

Scope

FortiOS.

Solution

Ephemeral sessions are sessions that the FortiGate considers not yet fully set up.

An example of this would be a session where the TCP handshake has not been established yet or, for UDP, a session where only one packet has been sent and there is no reply.

The FortiGate puts a cap on the number of sessions that can be in this state.

The cap is determined by the model of FortiGate. Fortinet does not have a list of the maximum number of these sessions per model, but it is possible to check this on the device by running a command.

The command for this is 'diagnose sys session stat'. The following is an example of the output:

 

[Screenshot: example output of 'diagnose sys session stat']

 

As per the output, there are no ephemeral sessions ongoing and the limit for this model is 131062.
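
For monitoring, the ephemeral counter can be read from captured output of 'diagnose sys session stat' and compared against the limit. The following is an added example, not part of the original article or Fortinet code: it assumes the counter appears as `ephemeral=<current>/<limit>`, uses a constructed sample (only the limit 131062 comes from the article), and the 80% warning threshold is a hypothetical choice.

```python
import re

# Constructed sample of 'diagnose sys session stat' output (assumed layout).
# Only the limit 131062 is taken from the article; other values are illustrative.
SAMPLE_OUTPUT = """\
misc info:       session_count=412 setup_rate=9 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
        delete=0, flush=0, dev_down=0/0
"""

# Assumed field format: ephemeral=<current>/<limit>
EPHEMERAL_RE = re.compile(r"\bephemeral=(\d+)/(\d+)")


def parse_ephemeral(output):
    """Return (current, limit) from the ephemeral field of the command output."""
    match = EPHEMERAL_RE.search(output)
    if match is None:
        raise ValueError("no ephemeral=<current>/<limit> field found")
    return int(match.group(1)), int(match.group(2))


def ephemeral_status(output, warn_ratio=0.8):
    """Classify ephemeral session usage against the model's cap.

    warn_ratio is a hypothetical alerting threshold, not a Fortinet value.
    A count near the cap means many half-open TCP or unanswered UDP sessions,
    which is worth investigating (for example a flood or a scan).
    """
    current, limit = parse_ephemeral(output)
    if limit == 0:
        raise ValueError("reported ephemeral limit is zero")
    ratio = current / limit
    if current >= limit:
        state = "at-limit"
    elif ratio >= warn_ratio:
        state = "warning"
    else:
        state = "ok"
    return {"current": current, "limit": limit,
            "ratio": round(ratio, 4), "state": state}


if __name__ == "__main__":
    print(ephemeral_status(SAMPLE_OUTPUT))
```
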