Skip to main content
boneyard
boneyard
Valued Contributor
February 18, 2026
Question

diag sys session stat - dev_down x/y values

  • February 18, 2026
  • 2 replies
  • 261 views

found several KB articles state the dev_down value in diagnose sys session stat or diagnose sys session full-stat is related to the time firewall sessions are deleted because an (IPsec) interface goes down, although one says IPsec admin down and the other general interface down ... planning to do some tests on that soonish.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-sys/ta-p/192305

 

But how does it relate to two values? what is the first and the second value, a recent and total value perhaps? Can't find the exact answer in the KBs.

2 replies

Stephen_G
Moderator
Stephen_G
Moderator
February 23, 2026

Hello,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

If anybody else has any info or advice, please feel free to contribute!

Regards,
Stephen_G - Fortinet Community Team
AEK
SuperUser
AEK
SuperUser
February 25, 2026

Hi Boneyard

From first tec tip:

  • dev_down: Total number of sessions that have been removed because interface went down.

From second tec tip:

  • dev_down: Counts the number of times a request was made to delete all firewall sessions related to an IPsec interface that has been taken administratively down.

For me (and I think it is correct), it should mean the first value is the number of times it has been triggered (interface down), and the second value is the number of total deleted sessions.

AEK
boneyard
boneyardAuthor
Valued Contributor
March 4, 2026

appreciate your reply AEK.

 

been testing this a bit, behaviour is quite odd on different versions. some reset to 0/0 after seconds. some already have values above 0 even after a reboot.

 

in general it seems the first number is indeed the number of times the interfaces goes down. so everytime i admin disable an interface it goes up by one. both for normal and IPsec interface.

 

the second is weirder, it isn't a simple going up with the number of deleted session, either per interface down or cumulative. it actually goes down sometimes ... and at other times it always goes up with the same value, which is too large for the number of sessions and would be weird to be exact same every time.

 

I would love an actual Fortinet employee or Fortinet article to answer this.

Terms & ConditionsAccessibility statement