Hello,
Assumption & belief: a single IP address can have a maximum of 64,000 NAT connections.
FACT: my FW version is less than 5.6.
I want to see the current usage for my nat pool below
edit "nat-pool-abc"
    set startip 10.10.10.0
    set endip 10.10.10.4
To date I have tried
# diagnose firewall ippool stats
Total 0 ippool is allocated.
Total 0 client host is online.
Total 0 natip is allocated.
Total 0 PBA is allocated.
Approximate 0 PBA is allocated in 1 second before.
# diag firewall ippool list
NO DATA
I thought I could use
diagnose sys session filter 10.10.10.1
diagnose sys session list | grep -c 10.10.10.1
But the figures I get back are far higher than the max NAT port usage of 64,000.
I find it difficult to believe there is no way to see the usage of my NAT IP pool, even if I have to look at each IP address within that pool individually with a diagnose filter.
?
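The `grep -c` approach in the post counts every line that mentions the pool address, not the number of NAT ports in use: each session in `diagnose sys session list` prints the NAT IP on more than one line (the original-direction `act=snat` line and the reply-direction line), so the line count can exceed any per-IP port ceiling. The script below is an added example, not code from the thread or from Fortinet; it parses the session listing and counts distinct NAT ports per pool address instead. The `hook=post dir=org act=snat src:port->dst:port(natip:natport)` line layout is assumed from FortiOS session output and may differ between firmware versions, and the session list embedded in the script is constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Per-IP NAT port ceiling assumed in the thread (not taken from FortiOS documentation).
MAX_PORTS_PER_IP = 64000

# Matches the source-NAT line of a session entry and captures the pool address and
# the NAT port assigned from it. Layout assumed from FortiOS "diagnose sys session list".
SNAT_RE = re.compile(r"act=snat \S+->\S+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")

# Constructed sample of session-list output (three sessions, two pool addresses).
# RFC 5737 documentation addresses are used for the inside hosts and destinations.
SAMPLE_SESSION_LIST = """\
session info: proto=6 proto_state=01 duration=12 expire=3587 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.10:51000->198.51.100.5:443(10.10.10.1:51000)
hook=pre dir=reply act=dnat 198.51.100.5:443->10.10.10.1:51000(192.0.2.10:51000)
session info: proto=6 proto_state=01 duration=3 expire=3597 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.11:51000->198.51.100.5:443(10.10.10.1:51001)
hook=pre dir=reply act=dnat 198.51.100.5:443->10.10.10.1:51001(192.0.2.11:51000)
session info: proto=17 proto_state=01 duration=1 expire=179 timeout=180 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.12:5353->198.51.100.9:53(10.10.10.2:5353)
hook=pre dir=reply act=dnat 198.51.100.9:53->10.10.10.2:5353(192.0.2.12:5353)
"""


def pool_addresses(start_ip, end_ip):
    """Expand an ippool startip/endip range into its individual addresses."""
    start = int(ipaddress.IPv4Address(start_ip))
    end = int(ipaddress.IPv4Address(end_ip))
    return [str(ipaddress.IPv4Address(i)) for i in range(start, end + 1)]


def nat_port_usage(session_list, pool_start, pool_end):
    """Return {pool_ip: number of distinct NAT ports in use} for every pool address."""
    ports = defaultdict(set)
    for match in SNAT_RE.finditer(session_list):
        nat_ip, nat_port = match.group(1), int(match.group(2))
        ports[nat_ip].add(nat_port)
    return {ip: len(ports.get(ip, ())) for ip in pool_addresses(pool_start, pool_end)}


def line_matches(session_list, ip):
    """What `diagnose sys session list | grep -c <ip>` reports: lines containing the address."""
    return sum(1 for line in session_list.splitlines() if ip in line)


def pool_report(usage, max_ports=MAX_PORTS_PER_IP):
    """Percent of the assumed per-IP port ceiling in use, per pool address."""
    return {ip: round(100.0 * used / max_ports, 2) for ip, used in usage.items()}


if __name__ == "__main__":
    usage = nat_port_usage(SAMPLE_SESSION_LIST, "10.10.10.0", "10.10.10.4")
    percent = pool_report(usage)
    for ip, used in usage.items():
        print(f"{ip}: {used} NAT ports in use ({percent[ip]}%), "
              f"{line_matches(SAMPLE_SESSION_LIST, ip)} lines match in grep -c")
```

On a live unit the listing would be captured from the CLI (optionally narrowed first with `diagnose sys session filter`) and fed to `nat_port_usage` in place of the constructed sample; the comparison printed beside each address shows why the line count and the port count diverge.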
I know this is an old thread but nevertheless for the benefit of anybody "googling":
try the diag firewall ippool-all tree; for example,
diag firewall ippool-all stat
This works only in 5.6.1 or higher.
Thanks.