FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff
Staff
Article Id 364632
Description This article describes how to poll the total value of NPU-offloaded sessions on FortiGate using SNMP.
Scope FortiGate
Solution

The SNMP Object 'fgNPUSessionCount' with OID .1.3.6.1.4.1.12356.101.20.2.1.1.3 derives the total number of NPU sessions as reported by the output of the command 'diag npu np7 sse-stats all'. Refer to the value under the column 'Total entcnt'.

 

diag npu np7 sse-stats all

[NP7_0]
Counters SSE0 SSE1 SSE2 SSE3 Total
--------------- --------------- --------------- --------------- --------------- ---------------
entcnt 1858184 1863856 1863028 1860220 7445288
inssucc 2547312432 2547040730 2547547779 2547172457 1599138806
insfail 0 0 0 0 0
updsucc 1410784886 1639948623 1421667604 1232285898 1409719715
delsucc 4281358788 4281156860 4281433859 4281250376 4240297995
delfail 122 135 128 124 509
depfail 0 0 0 0 0
srhsucc 846980887 1031557258 955302388 695276265 3529116798
srhfail 1975832157 1923708703 1945541895 1911911973 3462027432
agesucc 2559062756 2558987310 2559218188 2559029157 1646362819
oftfcnt 41843906 41843024 41843534 41843549
--------------- --------------- --------------- --------------- --------------- ---------------
* entcnt: Session count
* inssucc: Insertion success, insfail: Insertion failure
* delsucc: Deletion success, delfail: Deletion failure
* updsucc: Update success, depfail: Depth failure
* srhsucc: Search success, srhfail: Search failure
* agesucc: Aging success
* oftfcnt: Overflow table entry count

Note that FortiGate stores session information as two NP forward entries for a single bidirectional firewall session.
To derive the approximate value of NPU offloaded sessions, divide the total by half.

In the above output, the total entcnt is 7445288. This means that the approximate value of NPU offloaded sessions is 3722644.
This derived value will closely match the npu_session_count reported in the output 'diagnose sys session stat'.

diagnose sys session stat
misc info: session_count=3741321 setup_rate=10180 exp_count=33 clash=567214
memory_tension_drop=0 ephemeral=0/1114112 removeable=0 extreme_low_mem=0
npu_session_count=3723010

 

Note: The SNMP object 'fgNPUSessionCount' does not directly derive the npu_session_count from the output 'diagnose sys session stat' output and the calculation provides an approximate value for NPU offloaded sessions. The exact number may vary slightly due to timing or session state changes during diagnostics.

Contributors