Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmehta
Staff
Staff

Created on ‎12-23-2024 09:52 PM

Article Id 364535

Technical Tip: FortiGate Global Connection Table (Session Table)

Description This article describes the FortiGate have a global connection table.
Scope FortiGate
Solution

FortiGate has a Global Connection Table:

FortiGates maintains a global connection table, commonly referred to as the session table.

This table keeps track of all active sessions passing through the firewall, including TCP, UDP, ICMP, and other protocol-based connections. Each entry in the table represents a unique session that FortiGate monitors for stateful inspection and connection handling.

 

Entries possible in the Global Connection Table:

The maximum number of entries in the global connection table depends on the FortiGate model and its hardware specifications.

 

Here are typical session limits for various FortiGate models:

  • Entry-Level Models (e.g., FortiGate-40F): Up to 700,000 concurrent sessions.
  • Mid-Range Models (e.g., FortiGate-100F): Up to 1 to 2 million concurrent sessions.
  • High-End Models (e.g., FortiGate-1500D, 3600E): Up to 10 million or more concurrent sessions.

 

Every record in the session table includes:

  • Session ID: Identifying code for the session.
  • Source/Destination IPs: Endpoints of the traffic within the session.
  • Source/Destination Ports: Port communication.
  • Protocol: Type of the protocol used in the session (e.g. TCP, UDP, ICMP).
  • Policy ID: The identifying number of the firewall policy concerning the session.
  • State: The state of the session (for example ESTABLISHED, TIME_WAIT, or CLOSE_WAIT).
  • Timeout: Duration of the expiration timer for the session awaiting the event.
  • Bytes Sent/Received: Amount of data exchanged during the session.
  • NAT Details: Actual source and/or destination address to which the session is translated.


check the session limit:


get system performance status

 

This command shows real-time system performance, including a maximum number of sessions:


Example:

 

get system performance status
Average sessions: 3471 sessions in 1 minute, 3218 sessions in 10 minutes, 3078 sessions in 30 minutes
Maximal sessions: 3956 sessions in 1 minute, 3956 sessions in 10 minutes, 3956 sessions in 30 minutes
Average session setup rate: 81 sessions per second in last 1 minute, 70 sessions per second in last 10 minutes, 64 sessions per second in last 30 minutes
Maximal session setup rate: 182 sessions per second in last 1 minute, 182 sessions per second in last 10 minutes, 191 sessions per second in last 30 minutes 

 


Check the current session count on a FortiGate using the following CLI command:

 

diagnose sys session list | grep ´session´

 

This command shows a number of active sessions and helps monitor the firewall´s capacity.


Example:

 

session info: proto=6 proto_state=01 duration=10 expire=3599 timeout=3600 source=192.168.1.100:55344 destination=172.16.0.1:443

 

Summary:

  • FortiGates have a global connection table for tracking active sessions.
  • The maximum number of entries varies by model (e.g., 700,000 for 40F, millions for higher models).
  • Monitor session usage with CLI commands to ensure the firewall operates within capacity.
1655
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.