Troubleshooting Tip: FortiGate session persistence synced session to wrong outgoing interface/dev ID

Description

This article describes how to fix an issue with FortiGate session persistence syncing the session to the wrong outgoing interface/dev ID.

Scope

FortiGate.

Solution

To resolve the issue of FortiGate FortiGate Session Persistence syncing the session to wrong outgoing interface/dev ID, follow these steps:

• Disable Unified Threat Management/Intrusion Prevention System Engine profile on the FortiGate device.

• This can be done by going to Go to Policy -> Edit Policy -> Unified Threat Management/Intrusion Prevention System Profile -> Disable.

• Verify that the synced session on the FortiGate device is correct after disabling the Unified Threat Management/Intrusion Prevention System Engine profile.

• This can be done by checking the session table and verifying that the outgoing interface/dev ID is correct.

• If the issue persists, try enabling asymroute-icmp in the config system settings.  

config system settings 
    set asymroute-icmp enable 
end

Note: Disabling Unified Threat Management/Intrusion Prevention System Engine profile may have security implications, and it is recommended to consult with a Fortinet expert before making any changes to the configuration.