Technical Tip: Delete session helpers
Description
This article describes how to delete session helpers especially in passive mode.
Solution
In few FTP connections FortiGate will trigger the session helpers due which there could be issues while establishing the FTP connections through FortiGate.
In such scenario, it is posible to delete the FTP session helpers on FortiGate.
However before deleting the session helpers it is recommended to verify and confirm if the required sessions are using session helpers.
Below commands will assist in looking for session helpers.
This article describes how to delete session helpers especially in passive mode.
Solution
In few FTP connections FortiGate will trigger the session helpers due which there could be issues while establishing the FTP connections through FortiGate.
In such scenario, it is posible to delete the FTP session helpers on FortiGate.
However before deleting the session helpers it is recommended to verify and confirm if the required sessions are using session helpers.
Below commands will assist in looking for session helpers.
# Diag sys session filter src x.x.x.xThen, list the sessions with below commands.
# Diag sys session filter dst x.x.x.x
# Diag sys session filter port x.x.x.x
# Diag sys session listFor further assistance , open a ticket with Fortigate TAC.
session info: proto=6 proto_state=01 duration=128 expire=3471 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ helper=FTP vlan_cos=0/255
state=dirty may_dirty npu synced netflow-origin netflow-reply
statistic(bytes/packets/allow_err): org=540/5/1 reply=412/3/1 tuples=2
tx speed(Bps/kbps): 4/0 rx speed(Bps/kbps): 3/0
orgin->sink: org pre->post, reply pre->post dev=0->0/0->0 gwy=0.0.0.0/0.0.0.0
hook=pre dir=org act=noop 172.16.29.2:57417->10.96.11.11:21(0.0.0.0:0)
hook=post dir=reply act=noop 10.96.11.11:21->172.16.29.2:57417(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=111215 auth_info=0 chk_client_info=0 vd=0
serial=9456477d tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000 ngfwid=n/a
dd_type=0 dd_mode=0
npu_state=0x100000
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0x0000/0x0000
vlifid=0/0, vtag_in=0x0000/0x0000 in_npu=0/0, out_npu=0/0, fwd_en=0/0, qid=0/0
no_ofld_reason: helper
Related Articles
Technical Tip: Enable and disable FortiGate system session helpers