FortiGate
Marit
Staff
Article Id 384969
Description: This article describes the TCP state machine as seen in the output of the 'diagnose sys session stat' command.
Scope: FortiGate v7.2.
Solution

When using 'diagnose sys session stat' to retrieve session statistics on a FortiGate device, various TCP session states can be observed.

Below is an example of the output from the 'diagnose sys session stat' command.

 

[Image: sample output of 'diagnose sys session stat' (diga_sys_session_stat2.png)]

 

Keep in mind that from a FortiGate configuration point of view, there are four TCP timer parameters, configured under 'config system global', that bound how long a session stays in a given state. The values below are the defaults, in seconds:

  • set tcp-halfclose-timer 120
  • set tcp-halfopen-timer 10
  • set tcp-rst-timer 5
  • set tcp-timewait-timer 1

 

TCP Session States Overview:

session_count = 446123 — This is the total number of sessions on the FortiGate, including TCP, UDP, and SCTP sessions.

 

For TCP sessions, there are several possible session states. Below is an explanation of each:

 

States during the TCP half-open timer (tcp-halfopen-timer):

  • SYN_SENT: FortiGate has forwarded a connection request (SYN) from the originator and is waiting for the matching connection request (SYN-ACK) from the responder.
  • SYN_RECV: FortiGate has seen both the connection request and the responder's SYN-ACK and is waiting for the confirming acknowledgment (the final ACK of the three-way handshake). A session table dominated by SYN_SENT/SYN_RECV entries is the usual sign of a SYN flood or of a responder that is down; the half-open timer is what keeps such entries from accumulating indefinitely.

 

State during TCP connection established:

  • ESTABLISHED: Represents an open connection. Data received can be delivered to the user. This is the normal state for the data transfer phase of the connection.

 

States during the TCP half-close timer (tcp-halfclose-timer):

  • FIN_WAIT: When connection termination is initiated from the originating direction, FortiGate is waiting for a connection termination request from the remote TCP peer, or for an acknowledgment of a termination request previously sent.
  • CLOSE_WAIT: When connection termination is initiated from the remote direction, FortiGate is waiting for a termination request from the local user.

State during the TCP RST timer (tcp-rst-timer):

  • CLOSE: After the connection is closed (for example, after a RST is seen), FortiGate holds the session in the CLOSE state for a duration equal to the tcp-rst-timer value (in seconds). This state is bounded by the tcp-rst-timer, not by the half-close timer.

 

State during the TCP time-wait timer (tcp-timewait-timer):

  • TIME_WAIT: FortiGate waits for enough time to ensure the remote TCP peer has received the acknowledgment of its connection termination request, and to avoid new connections being affected by delayed segments from the previous connection. Note that the FortiGate default of 1 second is much shorter than the host-side 2*MSL TIME_WAIT of the endpoints; the firewall only needs to hold the entry long enough to match stray late segments.
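The following is an added example, not code from the article or from Fortinet: a small Python script that parses the per-state counts out of captured 'diagnose sys session stat' output, maps each TCP state to the timer described above that bounds it, and flags a session table dominated by half-open entries (SYN_SENT plus SYN_RECV), which is the pattern to look for when checking a FortiGate for SYN-flood pressure. The sample output is constructed, and the exact line format of the "TCP sessions:" block ("<count> in <STATE> state") and the 50% threshold are assumptions, not taken from the article; adjust the regular expression to the output of your own unit.

```python
import re
from collections import Counter

# Constructed sample, modelled on 'diagnose sys session stat' output.
# Assumption: the "TCP sessions:" block lists one "<count> in <STATE> state" line per state.
SAMPLE_OUTPUT = """\
misc info:      session_count=446123 setup_rate=120 exp_count=0 clash=0
TCP sessions:
      3100 in ESTABLISHED state
     12000 in SYN_SENT state
      8500 in SYN_RECV state
       200 in FIN_WAIT state
       150 in CLOSE_WAIT state
        40 in CLOSE state
       900 in TIME_WAIT state
firewall error stat:
error1=00000000
"""

# Which 'config system global' timer bounds each state, per the article above.
# ESTABLISHED is not bounded by any of the four TCP timers (it follows the session TTL).
STATE_TIMER = {
    "SYN_SENT": "tcp-halfopen-timer",
    "SYN_RECV": "tcp-halfopen-timer",
    "ESTABLISHED": None,
    "FIN_WAIT": "tcp-halfclose-timer",
    "CLOSE_WAIT": "tcp-halfclose-timer",
    "CLOSE": "tcp-rst-timer",
    "TIME_WAIT": "tcp-timewait-timer",
}

STATE_LINE = re.compile(r"\s*(\d+)\s+in\s+([A-Z_]+)\s+state")


def parse_session_stat(text):
    """Return (total session_count, {tcp_state: count}) from the command output."""
    m = re.search(r"session_count=(\d+)", text)
    session_count = int(m.group(1)) if m else None
    states = Counter()
    for line in text.splitlines():
        m = STATE_LINE.match(line)
        if m:
            states[m.group(2)] += int(m.group(1))
    return session_count, dict(states)


def half_open_ratio(states):
    """Fraction of TCP sessions still inside the half-open timer window."""
    tcp_total = sum(states.values())
    if tcp_total == 0:
        return 0.0
    return (states.get("SYN_SENT", 0) + states.get("SYN_RECV", 0)) / tcp_total


def assess(text, threshold=0.5):
    """Hypothetical triage rule: flag the table when half-open sessions reach the threshold."""
    session_count, states = parse_session_stat(text)
    ratio = half_open_ratio(states)
    return {
        "session_count": session_count,
        "states": states,
        "half_open_ratio": round(ratio, 3),
        "suspect_syn_flood": ratio >= threshold,
    }


if __name__ == "__main__":
    report = assess(SAMPLE_OUTPUT)
    print(f"total sessions (TCP+UDP+SCTP): {report['session_count']}")
    for state, count in sorted(report["states"].items()):
        print(f"  {state:12s} {count:8d}   bounded by: {STATE_TIMER.get(state)}")
    print(f"half-open ratio: {report['half_open_ratio']}  "
          f"suspect SYN flood: {report['suspect_syn_flood']}")
```

When the ratio trips, the first things to check are the value of tcp-halfopen-timer (a long timer lets half-open entries pile up) and whether the SYN_RECV entries share a small set of destination addresses, which points at a targeted server rather than a scan.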