rmehta
Staff
Article Id 364535
Description This article describes the FortiGate global connection table (the session table) and how to check its size and usage.
Scope FortiGate.
Solution

FortiGate has a Global Connection Table:

FortiGates maintain a global connection table, commonly referred to as the session table.

This table keeps track of all active sessions passing through or terminating at the firewall, including TCP, UDP, ICMP, and other protocol-based connections. Each entry in the table represents a unique session that the FortiGate monitors for stateful inspection and connection handling.

 

The following command displays the total number of active sessions in a particular VDOM:

 

get system session status
The total number of IPv4 sessions for the current VDOM: 223

 

To view a brief summary of each session, use the 'get system session list' command shown below:

 

get system session list
PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
udp 41 192.168.10.10:50979 192.168.2.18:50979 192.168.2.1:53 -
udp 31 192.168.10.10:51139 192.168.2.18:51139 192.168.2.1:53 -
udp 31 192.168.10.10:52915 192.168.2.18:52915 192.168.2.1:53 -
udp 31 192.168.10.10:52491 192.168.2.18:52491 192.168.2.1:53 -
udp 31 192.168.10.10:52187 192.168.2.18:52187 192.168.2.1:53 -
udp 42 192.168.10.10:53939 192.168.2.18:53939 192.168.2.1:53 -
udp 33 192.168.10.10:64687 192.168.2.18:64687 184.150.39.65:443 -
udp 112 192.168.10.10:55539 192.168.2.18:55539 192.168.2.1:53 -
tcp 3578 192.168.10.10:57186 192.168.2.18:57186 172.172.255.218:443 -
udp 2 192.168.10.10:56355 192.168.2.18:56355 192.168.2.1:53 -
udp 83 192.168.10.10:58147 192.168.2.18:58147 192.168.2.1:53 -
udp 41 192.168.10.10:59075 192.168.2.18:59075 192.168.2.1:53 -
udp 114 192.168.10.10:58251 192.168.2.18:58251 192.168.2.1:53 -
udp 69 192.168.10.10:58283 192.168.2.18:58283 192.168.2.1:53 -

      

The output of 'get system session list' includes, for each session, the protocol, the remaining expiry time, the source IP address and port, the source-NAT address, and the destination IP address and port.
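To turn that output into something that can be monitored, the following added example (not code from the article or from Fortinet) parses 'get system session list' output into records, counts sessions per protocol and per destination, and flags a single source host that holds many concurrent sessions to one destination. A burst of short-lived UDP sessions to one DNS server, as in the sample above, is the kind of pattern that fills the session table quickly and is worth reviewing. The sample text is copied from the article's example; the threshold of 10 is an assumed value.

```python
import re
from collections import Counter

# Sample output copied from the article's 'get system session list' example.
SESSION_LIST_OUTPUT = """\
PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
udp 41 192.168.10.10:50979 192.168.2.18:50979 192.168.2.1:53 -
udp 31 192.168.10.10:51139 192.168.2.18:51139 192.168.2.1:53 -
udp 31 192.168.10.10:52915 192.168.2.18:52915 192.168.2.1:53 -
udp 31 192.168.10.10:52491 192.168.2.18:52491 192.168.2.1:53 -
udp 31 192.168.10.10:52187 192.168.2.18:52187 192.168.2.1:53 -
udp 42 192.168.10.10:53939 192.168.2.18:53939 192.168.2.1:53 -
udp 33 192.168.10.10:64687 192.168.2.18:64687 184.150.39.65:443 -
udp 112 192.168.10.10:55539 192.168.2.18:55539 192.168.2.1:53 -
tcp 3578 192.168.10.10:57186 192.168.2.18:57186 172.172.255.218:443 -
udp 2 192.168.10.10:56355 192.168.2.18:56355 192.168.2.1:53 -
udp 83 192.168.10.10:58147 192.168.2.18:58147 192.168.2.1:53 -
udp 41 192.168.10.10:59075 192.168.2.18:59075 192.168.2.1:53 -
udp 114 192.168.10.10:58251 192.168.2.18:58251 192.168.2.1:53 -
udp 69 192.168.10.10:58283 192.168.2.18:58283 192.168.2.1:53 -
"""

# One row: PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
ROW_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<expire>\d+)\s+(?P<src>\S+)\s+(?P<snat>\S+)"
    r"\s+(?P<dst>\S+)\s+(?P<dnat>\S+)$"
)


def parse_session_list(text):
    """Parse 'get system session list' output into a list of dicts.

    The header line and anything that does not look like a row are skipped,
    so prompt echoes or blank lines in a captured CLI session are harmless.
    """
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("PROTO"):
            continue
        m = ROW_RE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["expire"] = int(row["expire"])  # seconds until the entry expires
        sessions.append(row)
    return sessions


def count_by_protocol(sessions):
    """Number of sessions per protocol (udp, tcp, ...)."""
    return Counter(s["proto"] for s in sessions)


def count_by_destination(sessions):
    """Number of sessions per destination address:port."""
    return Counter(s["dst"] for s in sessions)


def find_fanout(sessions, threshold=10):
    """Return (source_host, destination) pairs with at least `threshold`
    concurrent sessions. The threshold is an assumed value; tune it to the
    normal per-host session count of your network."""
    pairs = Counter((s["src"].rsplit(":", 1)[0], s["dst"]) for s in sessions)
    return {pair: n for pair, n in pairs.items() if n >= threshold}


if __name__ == "__main__":
    rows = parse_session_list(SESSION_LIST_OUTPUT)
    print(len(rows), "sessions")
    print("by protocol:", dict(count_by_protocol(rows)))
    print("by destination:", dict(count_by_destination(rows)))
    print("fan-out above threshold:", find_fanout(rows))
```

In a real deployment the text would come from the FortiGate CLI (for example, captured over SSH); the parser only depends on the column layout shown in the article.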

 

Entries possible in the Global Connection Table:

The maximum number of entries in the global connection table depends on the FortiGate model and its hardware specifications.

 

Here are typical session limits for various FortiGate models:

  • Entry-Level Models (e.g., FortiGate-40F): Up to 700,000 concurrent sessions.
  • Mid-Range Models (e.g., FortiGate-100F): 1 to 2 million concurrent sessions.
  • High-End Models (e.g., FortiGate-1500D, 3600E): Up to 10 million or more concurrent sessions.

 

Every record in the session table includes:

  • Session ID: Identifying code for the session.
  • Source/Destination IPs: Endpoints of the traffic within the session.
  • Source/Destination Ports: Ports used by the two endpoints of the session.
  • Protocol: Type of the protocol used in the session (e.g. TCP, UDP, ICMP).
  • Policy ID: The identifying number of the firewall policy concerning the session.
  • State: The state of the session (for example ESTABLISHED, TIME_WAIT, or CLOSE_WAIT).
  • Timeout: Time remaining on the session's expiration timer before an idle session is removed.
  • Bytes Sent/Received: Amount of data exchanged during the session.
  • NAT Details: Actual source and/or destination address to which the session is translated.


Check the session limit:


get system performance status

 

This command shows real-time system performance statistics, including the average and maximal number of sessions observed over the last 1, 10, and 30 minutes:


Example:

 

get system performance status
Average sessions: 3471 sessions in 1 minute, 3218 sessions in 10 minutes, 3078 sessions in 30 minutes
Maximal sessions: 3956 sessions in 1 minute, 3956 sessions in 10 minutes, 3956 sessions in 30 minutes
Average session setup rate: 81 sessions per second in last 1 minute, 70 sessions per second in last 10 minutes, 64 sessions per second in last 30 minutes
Maximal session setup rate: 182 sessions per second in last 1 minute, 182 sessions per second in last 10 minutes, 191 sessions per second in last 30 minutes 


Check the current session count on a FortiGate using the following CLI command:

 

diagnose sys session list | grep 'session'

 

This command lists the active sessions and helps monitor the firewall's capacity.


Example:

 

session info: proto=6 proto_state=01 duration=10 expire=3599 timeout=3600 source=192.168.1.100:55344 destination=172.16.0.1:443
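The two outputs above are what a capacity check actually reads. The following added example (not code from the article or from Fortinet) parses the session lines of 'get system performance status' into per-window values, compares the 1-minute peak against the model's session limit given earlier in the article (700,000 for the FortiGate-40F), and parses a 'session info:' line from 'diagnose sys session list' into its key=value fields. The sample text is copied from the article's examples; the model name used as a lookup key and the 70%/90% warning thresholds are assumed values.

```python
import re

# Sample output copied from the article's 'get system performance status' example.
PERF_STATUS_OUTPUT = """\
Average sessions: 3471 sessions in 1 minute, 3218 sessions in 10 minutes, 3078 sessions in 30 minutes
Maximal sessions: 3956 sessions in 1 minute, 3956 sessions in 10 minutes, 3956 sessions in 30 minutes
Average session setup rate: 81 sessions per second in last 1 minute, 70 sessions per second in last 10 minutes, 64 sessions per second in last 30 minutes
Maximal session setup rate: 182 sessions per second in last 1 minute, 182 sessions per second in last 10 minutes, 191 sessions per second in last 30 minutes
"""

# Sample line copied from the article's 'diagnose sys session list' example.
SESSION_INFO_LINE = (
    "session info: proto=6 proto_state=01 duration=10 expire=3599 timeout=3600 "
    "source=192.168.1.100:55344 destination=172.16.0.1:443"
)

# Session-table capacity as stated in the article for an entry-level model.
# The key is an assumed label used only for lookup in this example.
MODEL_SESSION_LIMITS = {"FortiGate-40F": 700_000}

# "Metric name: value sessions in 1 minute, value sessions in 10 minutes, ..."
LINE_RE = re.compile(r"^(?P<metric>[A-Za-z ]+?):\s*(?P<rest>.*)$")
VALUE_RE = re.compile(r"(\d+) sessions(?: per second)? in (?:last )?(\d+) minutes?")


def parse_performance_status(text):
    """Return {metric: {window_minutes: value}} for the session-related lines
    of 'get system performance status'. Other lines (CPU, memory, uptime)
    contain no 'sessions in N minutes' phrase and are ignored."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        values = {int(window): int(value) for value, window in VALUE_RE.findall(m.group("rest"))}
        if values:
            result[m.group("metric").strip()] = values
    return result


def session_utilization(stats, model, window=1):
    """Fraction of the model's session limit reached by the peak session
    count in the given window (1, 10 or 30 minutes)."""
    return stats["Maximal sessions"][window] / MODEL_SESSION_LIMITS[model]


def capacity_alert(stats, model, warn=0.70, crit=0.90):
    """Map utilization to an alert level. Thresholds are assumed values."""
    utilization = session_utilization(stats, model)
    if utilization >= crit:
        return "critical"
    if utilization >= warn:
        return "warning"
    return "ok"


def parse_session_info(line):
    """Parse one 'session info:' line into a dict; numeric timers become ints
    so that expire can be compared with timeout (3599 of 3600 s remaining
    means the session was refreshed about a second ago)."""
    fields = dict(kv.split("=", 1) for kv in line.split()[2:])
    for key in ("proto", "duration", "expire", "timeout"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields


if __name__ == "__main__":
    stats = parse_performance_status(PERF_STATUS_OUTPUT)
    print("peak sessions (1 min):", stats["Maximal sessions"][1])
    print("utilization:", f"{session_utilization(stats, 'FortiGate-40F'):.4%}")
    print("alert:", capacity_alert(stats, "FortiGate-40F"))
    print(parse_session_info(SESSION_INFO_LINE))
```

Running the check periodically and keeping the parsed values lets you trend the maximal session count and setup rate over time, which is more useful for capacity planning than a single reading.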

 

Summary:

  • FortiGates have a global connection table for tracking active sessions.
  • The maximum number of entries varies by model (e.g., 700,000 for 40F, millions for higher models).
  • Monitor session usage with CLI commands to ensure the firewall operates within capacity.

 

Related article:

Technical Tip: FortiGate Role Alignment and Capacity Planning