Session in Traffice Log table

weiyangs · ‎11-15-2023

Hi, does anyone know what does Sessions mean in traffic log table?

Found this explaination online:

"A session is a communication channel between two devices or applications across the network. Sessions allow FortiOS to inspect and act on a sequential group of packets in a session all at once instead of inspecting each packet individually."

But my boss doesn't accept this answer as it is not from a fortinet tech.

sessions

esalija · ‎11-15-2023

Hi @weiyangs

Please follow the doc for more details - https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/562859/using-a-session-table

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-the-meaning-of-Session-CPU/t...

Best regards,

Erlin

If you have found a solution, please like and accept it to make it easily accessible to others.

smayank · ‎11-16-2023

Hello

Whenever you browse or initiate connection packet goes to different stages.
>> Slow path - Packet get inspected in this stage and after check various things such as destination NAT firewall policy and routing
If these things match it creates session. Now if packet comes again it checks the 6 tuples with session table if it matches it direclty goes to fast path.
By this firewall don't have to do all the checkes again and again
For better understanding you can refer packet flow of fortigate.
Thanks & Reagrds
Mayank Sharma