bejjit
New Contributor

How to resolve a lot of clash sessions

Hello,

I have a lot of clash.

Any suggestions?

 

FGT500D $ diagnose sys session stat
misc info: session_count=15502 setup_rate=246 exp_count=626 clash=17417
memory_tension_drop=0 ephemeral=0/589824 removeable=0
npu_session_count=3414
nturbo_session_count=480
delete=83073, flush=1, dev_down=0/0 ses_flush_filters=0
flush_work_num=0
TCP sessions:
538 in NONE state
4437 in ESTABLISHED state
44 in SYN_SENT state
4 in SYN_RECV state
3 in FIN_WAIT state
534 in TIME_WAIT state
423 in CLOSE state
72 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=1ef546cd
ids_recv=30d613e7
url_recv=00000000
av_recv=8b78184b
fqdn_count=00000039
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

1 Solution
hubertzw
Contributor III

Check which pools are not big enough:

 

diagnose firewall ippool-all stats

bejjit

Hi hubertzw,

I am checking the pools:

 

FGT500D $ diagnose firewall ippool-all stats
vdom:tr owns 2 ippool(s)

name: Test
type: overload
startip: x.x.x.20
endip: x.x.x.20
total ses: 3
tcp ses: 3
udp ses: 0
other ses: 0

name: kRd8
type: one-to-one
startip: y.y.y.96
endip: y.y.y.127
total ses: 0
tcp ses: 0
udp ses: 0
other ses: 0

hubertzw

Now it looks fine, but you need to check when more people are connected. Also monitor the counter to see if it's stable or still increasing (clash=17417).

jorge_americo

If it increases, it would be interesting to post the log.

NSE-4
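
The advice in this thread to watch whether the clash counter is stable or still increasing can be scripted by saving the output of `diagnose sys session stat` at intervals and comparing the `misc info:` line between samples. The following is an added example, not code from the thread or from Fortinet; the function names, the timestamps and the second and third samples are constructed assumptions.

```python
import re

# Sample 1 is the "misc info" line posted in the thread; samples 2 and 3
# and all timestamps (seconds) are constructed for illustration.
SAMPLES = [
    (0, "misc info: session_count=15502 setup_rate=246 exp_count=626 clash=17417"),
    (300, "misc info: session_count=15810 setup_rate=251 exp_count=640 clash=17417"),
    (600, "misc info: session_count=21987 setup_rate=402 exp_count=702 clash=18017"),
]

KEY_VALUE = re.compile(r"(\w+)=(\d+)\b")


def parse_misc_info(output):
    """Return the integer counters on the 'misc info:' line of the output."""
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("misc info:"):
            return {key: int(value) for key, value in KEY_VALUE.findall(line)}
    raise ValueError("no 'misc info:' line in the supplied output")


def clash_trend(samples):
    """Compare consecutive (seconds, raw_output) samples of the clash counter."""
    rows = []
    previous = None
    for seconds, raw in samples:
        counters = parse_misc_info(raw)
        if previous is not None:
            elapsed = seconds - previous[0]
            delta = counters["clash"] - previous[1]["clash"]
            if delta < 0:
                status = "reset"  # counter went backwards: start a new baseline
            elif delta == 0:
                status = "stable"
            else:
                status = "increasing"
            rows.append({
                "elapsed_s": elapsed,
                "clash_delta": delta,
                "per_min": round(delta * 60 / elapsed, 1) if delta > 0 and elapsed > 0 else 0.0,
                "session_count": counters["session_count"],
                "status": status,
            })
        previous = (seconds, counters)
    return rows


if __name__ == "__main__":
    for row in clash_trend(SAMPLES):
        print(row)
```

Intervals reported as "increasing" are the ones during which to re-run `diagnose firewall ippool-all stats` and compare pool usage.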
