Displaying more information about NP7 hyperscale firewall hardware sessions
You can use the following diagnose commands to display the current NP7 hyperscale firewall hardware IPv4 and IPv6 session lists:
diagnose sys npu-session list
diagnose sys npu-session list6
These commands display the current session list stored in the logging buffer. For sessions accepted by firewall policies that use hardware logging (log-processor
is set to hardware
), the logging buffer includes all session details. For sessions accepted by firewall policies using CPU or host logging (log-processor
is set to host
), the command displays fewer details about the session list, because CPU or host logging only maintains a subset of all of the information available for each session in the session list.
New for FortiOS 6.4.8, you can use the following commands to display the current NP7 hyperscale firewall hardware session list by sending a query to the NP7 Session Search Engine (SSE). The output of these commands does not depend on the hardware logging configuration because they query the SSE. However, because the commands are querying the SSE, the response time will be longer.
diagnose sys npu-session list-full
diagnose sys npu-session list-full6