Hi all,
I'm seeing every few minutes the number of sessions moving through my FortiGate spike from a few thousand, to tens of thousands, and back.
How would I best identify the source of these connections?
Solved! Go to Solution.
Hi Christoph_Berthoud,
You can check the output for 'diag sys session stat'.
More info here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839?ex... / https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-...
Regards,
Hi,
It seems to be you have very old FortiGate models. May I know the firmware images of the FortiGate ? We need to check that FortiView is supported in those images.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/560153/enabling-fortiview
-Habeeb
FortiOS 6.4.7 on a 500E model
Hi,
Then you can follow the FortiView to identify the session details.
Hi Christoph_Berthoud,
You can check the output for 'diag sys session stat'.
More info here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839?ex... / https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-...
Regards,
Thanks, narrowed it down to a monitoring agent firing thousands of DNS (UDP/53) requests off every 5 minutes.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.