johnathan
Staff
Article Id 395757
Description This article describes how to check the limit of ephemeral sessions per model.
Scope FortiOS.
Solution

Ephemeral sessions are sessions that the FortiGate considers not yet fully set up.

An example of this is a session where the TCP handshake has not completed yet.

For UDP, it is a session where only one packet has been sent and there is no reply.

The FortiGate puts a cap on the number of sessions that can be in this state.

The cap is determined by the model of FortiGate. Fortinet does not have a list of the maximum number of these sessions per model, but it is possible to check this on the device by running a command.

The command for this is 'diagnose sys session stat'. The following is an example of the output:

 

[Screenshot: example output of 'diagnose sys session stat']

 

As per the output, there are no ephemeral sessions ongoing and the limit for this model is 131062.
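
The following is an added example, not part of the original article or Fortinet's own tooling: a small Python parser that reads saved 'diagnose sys session stat' output and reports how close the ephemeral session count is to the model's cap. The `ephemeral=<current>/<limit>` field layout, the sample text, and the `warn_ratio` threshold are assumptions; the sample values match the figures quoted above.

```python
import re

# Constructed sample, modelled on the 'misc info' block of
# 'diagnose sys session stat'. The ephemeral=<current>/<limit> layout is an
# assumption; 0 and 131062 are the figures quoted in the article.
SAMPLE_OUTPUT = """\
misc info:       session_count=42 setup_rate=3 exp_count=0 clash=0
        memory_tension_drop=0 ephemeral=0/131062 removeable=0
delete=0, flush=0, dev_down=0/0 ses_walkers=0
"""

EPHEMERAL_RE = re.compile(r"\bephemeral=(\d+)/(\d+)")


def parse_ephemeral(output):
    """Return (current, limit) from the CLI output, or None if the field is absent."""
    match = EPHEMERAL_RE.search(output)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def ephemeral_status(output, warn_ratio=0.8):
    """Classify ephemeral-session usage against the per-model cap.

    warn_ratio is a hypothetical alerting threshold, not a Fortinet value.
    """
    parsed = parse_ephemeral(output)
    if parsed is None or parsed[1] == 0:
        # Field missing or unusable: report unknown rather than guessing.
        return {"state": "unknown", "current": None, "limit": None}
    current, limit = parsed
    if current >= limit:
        state = "at-cap"      # new half-open sessions can no longer be tracked
    elif current / limit >= warn_ratio:
        state = "warning"     # approaching the cap; worth investigating
    else:
        state = "ok"
    return {"state": state, "current": current, "limit": limit}


if __name__ == "__main__":
    print(ephemeral_status(SAMPLE_OUTPUT))
```
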