Hi all,
I'm seeing every few minutes the number of sessions moving through my FortiGate spike from a few thousand, to tens of thousands, and back.
How would I best identify the source of these connections?
Solved! Go to Solution.
Hi Christoph_Berthoud,
You can check the output for 'diag sys session stat'.
More info here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839?ex... / https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-...
Regards,
Hi,
It seems to be you have very old FortiGate models. May I know the firmware images of the FortiGate ? We need to check that FortiView is supported in those images.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560153/enabling-fortiview
-Habeeb
FortiOS 6.4.7 on a 500E model
Hi,
Then you can follow the FortiView to identify the session details.
Hi Christoph_Berthoud,
You can check the output for 'diag sys session stat'.
More info here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839?ex... / https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-...
Regards,
Thanks, narrowed it down to a monitoring agent firing thousands of DNS (UDP/53) requests off every 5 minutes.
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.