You can use FortiManager to view FortiGate policy hit counters. You must enable policy hit counts before you can view the information.
In FortiManager, the policy hit counts are aggregated across all managed FortiGate units for the policy.
The hit count is collected from managed FortiGate units every 300 seconds (5 minutes) by default. You can configure the frequency by using the config system global command with the hitcount_interval variable and the hitcount_concurrent variable. For more information, see the FortiManager CLI Reference available on the Fortinet Document Library.
When the policy hit counter is reset on the FortiGate, FortiManager subtracts the amount from its hit counters too.
The hit count information is excluded from the FortiManager event log, but it's included in the debug log for troubleshooting purposes.
To enable policy hit counts:
- Go to System Settings > Advanced Settings.
- Beside Policy Hit Count, select Enable.
To view policy hit counts:
- Ensure you are in the correct ADOM.
- Go to Policy & Objects > Policy Package.
- In the tree menu for a policy package, select a policy. The content pane for the policy is displayed.
- View the Hit Count, Bytes, Packets, First Used, and Last Used columns.
- Hover the mouse over the cells in the columns to view the Session Count, Session First Used, and Session Last Used fields of information.
The Session Count field reports the total number of completed sessions from the FortiGate. The Session Count field excludes incomplete sessions, such as sessions where TCP three-way handshakes are incomplete, UDP sessions are pending replies, and SCTP sessions that have not reached an established state.
The Session First Used and Session Last Used fields are session aware and are triggered when return traffic is generated. They indicate when a policy rule is actually being used, not just hit.
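The hit/used distinction above can drive a rule-hygiene review. The following is an added example, not Fortinet code: it classifies policies from a constructed CSV whose layout, column names, and 90-day staleness threshold are all assumptions, with the columns named after the GUI fields described on this page.

```python
import csv
import io
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data. The CSV layout is an assumption for illustration,
# not a FortiManager export format; columns mirror the GUI fields above.
SAMPLE = """policy_id,name,hit_count,session_count,last_used,session_last_used
1,allow-web,48210,47990,2024-05-30 09:12:00,2024-05-30 09:12:00
2,legacy-ftp,0,0,,
3,partner-vpn,312,0,2024-05-29 22:40:00,
4,old-backup,9050,9050,2023-11-02 03:00:00,2023-11-02 03:00:00
"""


def classify(row, now, stale_after=timedelta(days=90)):
    """Label one policy row using hit count versus completed-session data."""
    hits = int(row["hit_count"])
    sessions = int(row["session_count"])
    if hits == 0:
        return "never-hit"      # candidate for removal after review
    if sessions == 0 or not row["session_last_used"]:
        # Packets matched the rule, but no session completed (for example
        # unfinished TCP handshakes): the rule is hit, not used.
        return "hit-not-used"
    last = datetime.strptime(row["session_last_used"], FMT)
    if now - last > stale_after:
        return "stale"          # used in the past, but not recently
    return "active"


def audit(csv_text, now):
    """Return {policy_id: label} for every row in the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {int(r["policy_id"]): classify(r, now) for r in reader}


if __name__ == "__main__":
    for pid, label in audit(SAMPLE, datetime(2024, 6, 1)).items():
        print(pid, label)
```

Because FortiManager aggregates counts across all managed FortiGate units, a "never-hit" label here means no managed unit matched the policy during the collection period.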