Contributor
April 28, 2008
Question

Idle connections freeze or lock RDP and MySQL

  • April 28, 2008
  • 2 replies
  • 2642 views
We have a problem with an HA FortiGate-300 cluster. The cluster is in transparent mode. We have found that if we leave a command line mysql client open and idle, it will become locked out after a couple of minutes. It doesn't disconnect, it just hangs on the next query as the TCP connection has gone away. We see something similar with Remote Desktop connections through the FortiGate. If left idle for a while, the connection will go away. RDP will recover, but the desktop will be frozen for about a minute. As the FG is in transparent mode, I assume session time-outs don't come into play, or do they?


    abelio
    SuperUser
    April 29, 2008
    "As the FG is in transparent mode, I assume session time-outs don't come into play, or do they?"
    Timeouts play even in TP mode, but you're talking about a couple of minutes, a very short timeout. Defaults are higher (3600 sec), so it seems to be another issue. Check the sessions table in the dashboard and play with the 'config system session-ttl' CLI command for your protocols, i.e., for the standard RDP port 3389/tcp:
      config system session-ttl
          config port
              edit 3389
                  set timeout 7200
              next
          end
      end
    Contributor
    April 29, 2008
    Abel, you did however hit the nail on the head. Either the default changed or the previous admin (I inherited this setup from a takeover) had some interesting ideas...
      config system session-ttl
          set default 300
          config port
              edit 22
                  set timeout 3600
              next
          end
      end
    abelio
    SuperUser
    April 29, 2008
    Interesting, maybe your previous admin tried to react to the 'The system has entered conserve mode' message for an overloaded box; there's a KC article (http://kc.forticare.com/default.asp?id=1076) where one of the emergency settings was to set the default timeout to 300 sec. Either the emergency became permanent or you've inherited the box meanwhile; maybe the cluster was the way to solve the overload, or maybe the earlier admin 'had some interesting ideas...' Best regards,
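
The check that resolved this thread, as an added example that is not part of the original posts and not Fortinet tooling: it parses a `config system session-ttl` block and lists the service ports whose idle sessions would expire sooner than expected. The 3600-second fallback is the default quoted in the thread, port 3306 for MySQL is an assumption (the thread names no MySQL port), and the function names are hypothetical.

```python
# Added example: resolve the effective idle timeout per TCP port from a
# "config system session-ttl" block like the ones posted in this thread.
FALLBACK_DEFAULT = 3600  # seconds; default quoted in the thread, used when unset

# Constructed sample: the inherited config from the thread (default 300, port 22 override).
SAMPLE = """
config system session-ttl
    set default 300
    config port
        edit 22
            set timeout 3600
        next
    end
end
"""

def parse_session_ttl(text):
    """Return (default_ttl, {port: ttl}) from a session-ttl config block."""
    default, ports = FALLBACK_DEFAULT, {}
    stack, current = [], None  # stack tracks nested "config" sections
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            if not stack:
                raise ValueError("unbalanced 'end'")
            stack.pop()
        elif tok[0] == "edit" and stack[-1:] == ["port"]:
            current = int(tok[1])
        elif tok[0] == "next":
            current = None
        elif tok[0] == "set" and len(tok) == 3:
            if tok[1] == "default" and stack == ["system session-ttl"]:
                default = int(tok[2])
            elif tok[1] == "timeout" and current is not None:
                ports[current] = int(tok[2])
    if stack:
        raise ValueError("missing 'end'")
    return default, ports

def at_risk(text, services, min_idle):
    """Ports whose sessions expire before `min_idle` seconds of silence."""
    default, ports = parse_session_ttl(text)
    return sorted(p for p in services if ports.get(p, default) < min_idle)

if __name__ == "__main__":
    print(at_risk(SAMPLE, {22, 3306, 3389}, 1800))  # SSH, MySQL (assumed port), RDP
```

With the inherited config, SSH keeps its per-port override while MySQL and RDP fall back to the 300-second default, which matches the symptoms described in the question.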