FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to resolve an issue with FortiGate 6000 models where, despite how there are sessions in the output of 'diagnose sys session list' hitting one firewall policy, the Hit Count in the GUI for the firewall policy shows 0.
Scope
FortiGate 6000 series.
Solution
Ensure that the Cooperative Security Fabric (CSF) is enabled on the FortiGate 6000 series unit, FortiGate 6000 needs to use CSF to get the Hit Count info from all blades.
To enable CSF via CLI, run the following CLI commands in Global mode:
config global
config system csf
set status enable
end
Note: Rebooting the FortiGate will cause the Hit Count info to be reset to 0.
