Skip to main content
deadwavevaef
deadwavevaef
Visitor III
May 8, 2026
Question

How to send alert email when abnormal increase in RDP/session count on FortiGate

  • May 8, 2026
  • 3 replies
  • 59 views

We are using a FortiGate-200G running FortiOS v7.6.6.
We would like to know if there is a way to send alert email notifications when there is a sudden increase in the number of sessions, such as RDP sessions, passing through the FortiGate.
If there is a method using FortiAnalyzer, please let us know.
Alternatively, a solution using only the FortiGate would also be acceptable.

3 replies

funkylicious
SuperUser
funkylicious
SuperUser
May 8, 2026

i know that there is a snmp oid that tracks the overall session count, not per specific port/service.

"jack of all trades, master of none"
kaman
Staff
kaman
Staff
May 9, 2026


Hi Deadwavevaef,
 

FortiOS does not have a single "RDP count" trigger, you can use a combination of DoS Policy logs or CPU/Memory thresholds which often spike during session floods.
 

DoS Policy Trigger (Recommended for RDP): Create a DoS Policy (under Policy & Objects > DoS Policy) for RDP traffic (Port 3389). Set a threshold if the sessions exceed this, it generates a log.
 

https://community.fortinet.com/fortigate-3/technical-tip-how-to-enable-dos-logs-in-fortigate-209339
 

If you have found a solution, please like and accept it to make it easily accessible to others.
 

Regards,
Aman

AEK
SuperUser
AEK
SuperUser
May 9, 2026

I didn’t try it but probably the simplest way to do ii with FGT only is with DOS policy + automation stitch, since DOS policy is the one that has statistics on session rate per service/port.

AEK
Terms & ConditionsAccessibility statement