Contributor
October 14, 2004
Question

tcp_src_session

Can anyone suggest a reasonable number to limit this to for a web server? Seem to be getting values of over 50 sometimes, which seems a little high for someone browsing a web site. Would I be correct in assuming a session is every request generated by a web page? In other words, an HTML page with 10 images would generate 11 sessions to the web server? Not quite sure how this works. But if true, then how would you get over 50 sessions?

    4 replies

    UkWizard
    New Member
    October 14, 2004
    IE5, if I remember offhand, by default has a limit of 4 set, so each web page would only make up to four connections simultaneously. This can be changed though, most commonly by tweak utils on the client. But 50 is very high; it might be that the session is not timing out, so they still appear although they have essentially finished. You would also see over 50 sessions if the company is using a proxy server, as this one IP would be serving all HTTP requests for all users. For example, 10 users behind a proxy all visiting a webserver could result in 40 requests (aka sessions). And yes, that is what sessions means: it's a single TCP connection requesting info. Hope this helps.
    Contributor
    October 15, 2004
    Thanks. That clarifies things. Any idea what causes sessions to not time out? I guess if it was a genuine request then the user would just have to do a refresh to get back in?
    Contributor
    October 19, 2004
    What sessions do you mean, exactly? TCP sessions time out after (if I remember correctly) 360 seconds - that's 6 minutes. HTTP sessions are a setting in the webserver and not controlled by a FGT.
    UkWizard
    New Member
    October 19, 2004
    It is controlled by the FGT as well; all sessions going through the firewall are, although technically to have an HTTP session that isn't doing much for that amount of time is probably unlikely. But I see the Fortinet having these open quite often, when they have actually closed. This could be clients not adhering to the TCP specifications.
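
Added example, not posted by anyone in this thread and not Fortinet code: a sketch for sizing a per-source session limit by computing the peak number of concurrent sessions each source IP holds, including sessions that linger until the idle timeout. The session records are constructed, and the 4-connections-per-page and 360-second figures are taken from the replies above as assumptions.

```python
from collections import defaultdict

# Assumptions taken from figures quoted in the thread, not verified here:
IDLE_TIMEOUT = 360   # seconds a session lingers when the firewall sees no close
CONNS_PER_PAGE = 4   # simultaneous connections a browser opens per page

def page_loads(src, starts, lifetime):
    """Constructed sample data: CONNS_PER_PAGE sessions per page load.
    lifetime=None means the firewall never saw the connection close."""
    return [(src, t, None if lifetime is None else t + lifetime)
            for t in starts for _ in range(CONNS_PER_PAGE)]

# (source_ip, open_time_s, close_time_s or None); addresses are documentation ranges.
SESSIONS = (
    page_loads("192.0.2.10", [0, 20, 40], 2)        # one browser, clean closes
    + page_loads("192.0.2.20", [0, 20, 40], None)   # one browser, closes never seen
    + page_loads("198.51.100.5", [0] * 10, 2)       # proxy fronting 10 users
)

def peak_sessions(records, idle_timeout=IDLE_TIMEOUT):
    """Return {source_ip: peak number of sessions held in the table at once}."""
    events = defaultdict(list)
    for src, opened, closed in records:
        # Without an observed close the entry stays until the idle timeout.
        end = closed if closed is not None else opened + idle_timeout
        events[src] += [(opened, 1), (end, -1)]
    peaks = {}
    for src, evs in events.items():
        current = peak = 0
        # Tuple sort puts -1 before +1 at the same instant, so a slot freed
        # and reused in the same second is not counted twice.
        for _, delta in sorted(evs):
            current += delta
            peak = max(peak, current)
        peaks[src] = peak
    return peaks

def over_limit(records, limit, idle_timeout=IDLE_TIMEOUT):
    """Sources whose peak exceeds a candidate per-source session limit."""
    peaks = peak_sessions(records, idle_timeout)
    return sorted(src for src, peak in peaks.items() if peak > limit)

if __name__ == "__main__":
    print(peak_sessions(SESSIONS))
    print(over_limit(SESSIONS, limit=10))
```

Rerunning `peak_sessions` with a shorter `idle_timeout` shows how much of a source's count comes from lingering entries rather than live connections.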