Fortinet white logo
Fortinet white logo

Hyperscale Firewall Guide

Displaying information about NP7 hyperscale firewall hardware sessions

Displaying information about NP7 hyperscale firewall hardware sessions

You can use the following diagnose commands to display the current NP7 hyperscale firewall hardware IPv4 and IPv6 session lists:

diagnose sys npu-session list

diagnose sys npu-session list6

These commands display the current session list stored in the logging buffer. For sessions accepted by firewall policies that use hardware logging (log-processor is set to hardware), the logging buffer includes all session details. For sessions accepted by firewall policies using CPU or host logging (log-processor is set to host), the command displays fewer details about the session list, because CPU or host logging only maintains a subset of all of the information available for each session in the session list.

You can also use the following commands to display the current NP7 hyperscale firewall hardware session list by sending a query to the NP7 Session Search Engine (SSE). The output of these commands does not depend on the hardware logging configuration because they query the SSE. However, because the commands are querying the SSE, the response time will be longer.

diagnose sys npu-session list-full

diagnose sys npu-session list-full6

Displaying information about NP7 hyperscale firewall hardware sessions

Displaying information about NP7 hyperscale firewall hardware sessions

You can use the following diagnose commands to display the current NP7 hyperscale firewall hardware IPv4 and IPv6 session lists:

diagnose sys npu-session list

diagnose sys npu-session list6

These commands display the current session list stored in the logging buffer. For sessions accepted by firewall policies that use hardware logging (log-processor is set to hardware), the logging buffer includes all session details. For sessions accepted by firewall policies using CPU or host logging (log-processor is set to host), the command displays fewer details about the session list, because CPU or host logging only maintains a subset of all of the information available for each session in the session list.

You can also use the following commands to display the current NP7 hyperscale firewall hardware session list by sending a query to the NP7 Session Search Engine (SSE). The output of these commands does not depend on the hardware logging configuration because they query the SSE. However, because the commands are querying the SSE, the response time will be longer.

diagnose sys npu-session list-full

diagnose sys npu-session list-full6