Description

This article describes how to check the number of sessions through CLI.

Scope

FortiGate.

Solution

To validate the number of concurrent sessions from the CLI, use the following command (to see the average session that the team has, for example)

TEST-FGT# get system performance status
CPU states: 6% user 1% system 0% nice 95% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 99% idle 0% iowait 0% irq 1% softirq
CPU1 states: 6% user 0% system 0% nice 94% idle 0% iowait 0% irq 0% softirq
CPU2 states: 4% user 0% system 0% nice 96% idle 0% iowait 0% irq 0% softirq
CPU3 states: 5% user 0% system 0% nice 95% idle 0% iowait 0% irq 0% softirq
CPU4 states: 0% user 5% system 0% nice 94% idle 0% iowait 0% irq 1% softirq
CPU5 states: 0% user 0% system 0% nice 99% idle 0% iowait 0% irq 1% softirq
CPU6 states: 2% user 1% system 0% nice 98% idle 0% iowait 0% irq 0% softirq
CPU7 states: 1% user 6% system 0% nice 93% idle 0% iowait 0% irq 0% softirq
Memory: 24720016k total, 10633260k used (43.0%), 10739748k free (43.4%), 3347008k freeable (13.6%)
Average network usage: 166078 / 168358 kbps in 1 minute, 200050 / 205501 kbps in 10 minutes, 200622 / 206216 kbps in 30 minutes
Maximal network usage: 426162 / 435317 kbps in 1 minute, 670364 / 676625 kbps in 10 minutes, 1045523 / 1053210 kbps in 30 minutes
Average sessions: 68064 sessions in 1 minute, 60655 sessions in 10 minutes, 59058 sessions in 30 minutes < ----
Maximal sessions: 70748 sessions in 1 minute, 70748 sessions in 10 minutes, 70748 sessions in 30 minutes < ----
Average session setup rate: 624 sessions per second in last 1 minute, 522 sessions per second in last 10 minutes, 511 sessions per second in last 30 minutes
Maximal session setup rate: 1100 sessions per second in last 1 minute, 1100 sessions per second in last 10 minutes, 1100 sessions per second in last 30 minutes

In addition, use the command: 'diag sys session session stat (EXAMPLE 1)' or 'diag sys session full-stat (EXAMPLE 2)'To see the value of 'session_count'.

(EXAMPLE 1):

TEST-FGT# # diag sys session stat
misc info: session_count=39 setup_rate=4 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/129527 removeable=0 extreme_low_mem=0
npu_session_count=0
delete=0, flush=2, dev_down=1/1861 ses_walkers=0
TCP sessions:
19 in ESTABLISHED state
1 in TIME_WAIT state
1 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ips_recv=00000000
policy_deny=00000038
av_recv=00000000
fqdn_count=00000009
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

(EXAMPLE 2):

FGVM01TM24003830 # diag sys session full-stat
session table: table_size=262144 max_depth=1 used=72
misc info: session_count=39 setup_rate=0 exp_count=0 clash=0
memory_tension_drop=0 ephemeral=0/129527 removeable=0 extreme_low_mem=0
npu_session_count=0
delete=0, flush=2, dev_down=1/1861 ses_walkers=0
TCP sessions:
20 in ESTABLISHED state
1 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ips_recv=00000000
policy_deny=00000038
av_recv=00000000
fqdn_count=00000009
fqdn6_count=00000000

Another option to validate the number of concurrent sessions (and filter amount of sessions of a specific source IP) from the GUI follows the next article: How to know wich policy ID is used in For... - Fortinet Community