I'm seeing every few minutes the number of sessions moving through my FortiGate spike from a few thousand, to tens of thousands, and back.
How would I best identify the source of these connections?
Go to Solution.
You can check the output for 'diag sys session stat'.
More info here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Session-counter-information/ta-p/197839?ex... / https://community.fortinet.com/t5/FortiGate/Technical-Tip-Meaning-of-the-counter-fields-in-diagnose-... Regards,
View solution in original post
It seems to be you have very old FortiGate models. May I know the firmware images of the FortiGate ? We need to check that FortiView is supported in those images.
FortiOS 6.4.7 on a 500E model
Then you can follow the FortiView to identify the session details.
Thanks, narrowed it down to a monitoring agent firing thousands of DNS (UDP/53) requests off every 5 minutes.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.