gvasquezn
New Member
November 15, 2023
Question

Error tcp-rst-from-client

  • November 15, 2023
  • 3 replies
  • 35323 views

Hello, I have a problem with my FortiVM FW: some of my users from a remote warehouse get a connection properly, but in the next 5 seconds it drops off. It only happens in this warehouse. The policy permits traffic to the VPN host and port 10443, and as I can see in the logs, it has matched in and out.

We have a FortiGate VM (FGVM).


3 replies

abarushka
Staff
November 15, 2023

Hello,


I would recommend sniffing the traffic with "diag sniffer packet any 'host <destination IP address>' 6 0 a". It may give a hint as to why the client is sending the RST packet.

gvasquezn
gvasquezn (Author)
New Member
November 15, 2023

Where should I run this diag: on my FortiAuthenticator, or on the host where I get the reset from the client?


abarushka
Staff
November 15, 2023

Hello,


On FortiGate side (VDOM level if applicable).

Sheikh
Staff
November 15, 2023

Hello @gvasquezn 


Try increasing the timeout value in the matching firewall policy and see if that helps.


# config firewall policy
# edit 1
# set session-ttl 1500
# end


regards,

Sheikh

gvasquezn
gvasquezn (Author)
New Member
November 15, 2023

This gave me this message.


FGVM4VTM23001983 (policy) # edit 1
new entry '1' added

FGVM4VTM23001983 (1) # set session-ttl 1500

FGVM4VTM23001983 (1) # end
Attribute 'srcintf' MUST be set.
Command fail. Return code -56

pminarik
Staff
November 15, 2023

The firewall policy itself allowed the traffic, otherwise client-RST could not happen.
Check if you have any relevant UTM profiles enabled in that policy (ID 196 based on the log).


If none, then the FortiGate is unlikely to be at fault. You will need to run a packet capture on both sides (as abarushka suggested) and figure out what's wrong there on the application layer.


Given the number of packets sent, my initial random guess would be some issue during early TLS handshake. Not enough bytes for a certificate to be finished sending over, so maybe mismatch in TLS version and/or ciphersuite? Anyway, the pcap will hopefully answer that.
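Added example, not from this thread and not Fortinet's own tooling: a small Python script that reads the header lines of the sniffer output abarushka recommends ("diag sniffer packet any 'host ...' 6 0 a") and, for each TCP flow, reports which side sent the RST, how long after the SYN it arrived, how many packets each side sent, and roughly how many bytes each side had delivered by then. That last number is what pminarik's question turns on: a few hundred bytes from the client and one segment back from the server, followed by a client RST, looks like a handshake that never got past the server's first flight, while a reset after a full certificate exchange points elsewhere. The line layout (absolute timestamp, interface, in/out, src.port -> dst.port: flags and sequence/ack numbers) is an assumption about typical sniffer output, and the capture in SAMPLE is constructed; run it against your own sniffer output.

```python
import re
from datetime import datetime

# Header line layout assumed for "diag sniffer packet ... 4|6 0 a" output
# (absolute timestamps). Hex/ASCII dump lines added by verbosity 6 never
# match this pattern and are skipped.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<tcp>.*)$"
)
FLAG_WORDS = {"syn", "ack", "psh", "fin", "rst"}

# Constructed sample: a client on port 52344 reaching the VPN host on 10443,
# one ClientHello-sized segment out, one MSS-sized segment back, then a
# client RST about five seconds later. "out" copies of the same packets on
# the egress interface are included to show they are not double counted.
SAMPLE = """\
2023-11-15 09:12:01.000100 port2 in 10.20.5.40.52344 -> 10.0.0.10.10443: syn 1000
2023-11-15 09:12:01.000200 port1 out 10.20.5.40.52344 -> 10.0.0.10.10443: syn 1000
2023-11-15 09:12:01.020100 port1 in 10.0.0.10.10443 -> 10.20.5.40.52344: syn 5000 ack 1001
2023-11-15 09:12:01.020200 port2 out 10.0.0.10.10443 -> 10.20.5.40.52344: syn 5000 ack 1001
2023-11-15 09:12:01.040100 port2 in 10.20.5.40.52344 -> 10.0.0.10.10443: ack 5001
2023-11-15 09:12:01.041000 port2 in 10.20.5.40.52344 -> 10.0.0.10.10443: psh 1001 ack 5001
2023-11-15 09:12:01.060000 port1 in 10.0.0.10.10443 -> 10.20.5.40.52344: ack 1318
2023-11-15 09:12:01.061000 port1 in 10.0.0.10.10443 -> 10.20.5.40.52344: psh 5001 ack 1318
2023-11-15 09:12:01.080000 port2 in 10.20.5.40.52344 -> 10.0.0.10.10443: ack 6461
2023-11-15 09:12:06.100000 port2 in 10.20.5.40.52344 -> 10.0.0.10.10443: rst 1318
"""


def parse_tcp(field):
    """Split 'psh 1001 ack 5001' into (flags, seq, ack); numbers after 'ack'
    are the ack number, any other number is the sequence number."""
    flags, seq, ack, current = set(), None, None, None
    for tok in field.split():
        if tok in FLAG_WORDS:
            flags.add(tok)
            current = tok
        elif tok.isdigit():
            if current == "ack":
                ack = int(tok)
            else:
                seq = int(tok)
    return flags, seq, ack


def summarize(lines):
    """Return one summary dict per TCP flow whose SYN was captured."""
    flows = {}
    for line in lines:
        m = HEADER_RE.match(line.strip())
        # With "any", every forwarded packet shows up as "in" on one
        # interface and "out" on another; counting only "in" sees each once.
        if not m or m["dir"] != "in":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        flags, seq, ack = parse_tcp(m["tcp"])
        a, b = (m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))
        if "syn" in flags and "ack" not in flags:  # initiator's SYN opens a flow
            flows[(a, b)] = {"client": a, "server": b, "syn_at": ts, "end_at": None,
                             "rst_from": None, "pkts": {"client": 0, "server": 0},
                             "isn": {"client": seq, "server": None},
                             "acked": {"client": None, "server": None}}
        key = (a, b) if (a, b) in flows else (b, a)
        f = flows.get(key)
        if f is None:
            continue  # flow whose handshake was not captured
        sender = "client" if a == f["client"] else "server"
        peer = "server" if sender == "client" else "client"
        f["pkts"][sender] += 1
        if "syn" in flags and sender == "server":
            f["isn"]["server"] = seq
        if ack is not None:  # highest ack from a side = what its peer delivered
            prev = f["acked"][peer]
            f["acked"][peer] = ack if prev is None else max(prev, ack)
        if "rst" in flags and f["rst_from"] is None:
            f["rst_from"], f["end_at"] = sender, ts

    def delivered(f, side):  # bytes the peer has acknowledged; SYN takes one seq
        isn, acked = f["isn"][side], f["acked"][side]
        return None if isn is None or acked is None else max(acked - isn - 1, 0)

    return [{
        "flow": "%s:%d -> %s:%d" % (*f["client"], *f["server"]),
        "rst_from": f["rst_from"],
        "seconds_to_rst": (f["end_at"] - f["syn_at"]).total_seconds() if f["end_at"] else None,
        "client_packets": f["pkts"]["client"],
        "server_packets": f["pkts"]["server"],
        "client_bytes_delivered": delivered(f, "client"),
        "server_bytes_delivered": delivered(f, "server"),
    } for f in flows.values()]


if __name__ == "__main__":
    for row in summarize(SAMPLE.splitlines()):
        print(row)
```

The byte counts are lower bounds taken from acknowledgement numbers, so retransmitted or still-unacknowledged data is not included; that is enough to tell a reset after one server segment from a reset after a completed handshake, which is the distinction the pcap is meant to settle.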