Fortinet white logo
Fortinet white logo

FortiGate-7000E Administration Guide

Showing how the DP2 processor will load balance a session

Showing how the DP2 processor will load balance a session

You can use the following command to display the FPM slot that the DP2 processor will load balance a session to.

diagnose load-balance dp find session {normal | reverse | fragment | pinhole}

Normal and reverse sessions

For a normal or corresponding reverse session you can define the following:

{normal | reverse} <ip-protocol> <src-ip> {<src-port> | <icmp-type> | <icmp-typecode>} <dst-ip> {<dst-port> | <icmp-id>} [<x-vid>] [<x-cfi>] [<x-pri>]

Fragment packet sessions

For a session for fragment packets you can define the following:

fragment <ip-protocol> {<src-port> | <icmp-type> | <icmp-typecode>} <dst-ip> <ip-id> [<x-vid>] [<x-cfi>] [<x-pri>]

Pinhole sessions

For a pinhole sessions you can define the following:

pinhole <ip-protocol> <dst-ip> <dst-port> [<x-vid>] [<x-cfi>] [<x-pri>]

Normal session example output

For example, the following command shows that a new TCP session (protocol number 6) with source IP address 11.1.1.11, source port 53386, destination IP address 12.1.1.11, and destination port 22 would be sent to FPM slot 2 by the DP2 processor.

diagnose load-balance dp find session normal 6 11.1.1.11 53386 12.1.1.11 22
==========================================================================
MBD SN: F7KF503E17900068
Primary Bin 9708928
New session to slot 2 (src-dst-ip-sport-dport)

Additional information about the session also appears in the command output in some cases.

Showing how the DP2 processor will load balance a session

Showing how the DP2 processor will load balance a session

You can use the following command to display the FPM slot that the DP2 processor will load balance a session to.

diagnose load-balance dp find session {normal | reverse | fragment | pinhole}

Normal and reverse sessions

For a normal or corresponding reverse session you can define the following:

{normal | reverse} <ip-protocol> <src-ip> {<src-port> | <icmp-type> | <icmp-typecode>} <dst-ip> {<dst-port> | <icmp-id>} [<x-vid>] [<x-cfi>] [<x-pri>]

Fragment packet sessions

For a session for fragment packets you can define the following:

fragment <ip-protocol> {<src-port> | <icmp-type> | <icmp-typecode>} <dst-ip> <ip-id> [<x-vid>] [<x-cfi>] [<x-pri>]

Pinhole sessions

For a pinhole sessions you can define the following:

pinhole <ip-protocol> <dst-ip> <dst-port> [<x-vid>] [<x-cfi>] [<x-pri>]

Normal session example output

For example, the following command shows that a new TCP session (protocol number 6) with source IP address 11.1.1.11, source port 53386, destination IP address 12.1.1.11, and destination port 22 would be sent to FPM slot 2 by the DP2 processor.

diagnose load-balance dp find session normal 6 11.1.1.11 53386 12.1.1.11 22
==========================================================================
MBD SN: F7KF503E17900068
Primary Bin 9708928
New session to slot 2 (src-dst-ip-sport-dport)

Additional information about the session also appears in the command output in some cases.