Skip to main content
firewallqvl
firewallqvl
Explorer
November 19, 2025
Question

No session matched error, unable to activate the EZVIZ camera.

  • November 19, 2025
  • 2 replies
  • 494 views

Hello everyone, hello experts.

I'm currently having an issue with activating an EZVIZ camera. The activation fails and the logs show a 'no session matched' error. I've tried several different methods, but none of them worked.

Is there any way to resolve this issue completely, and which configuration steps should I pay attention to? Does using SD-WAN affect this, and what can I do to allow it?

Thanks you so much!

id=65308 trace_id=430 func=fw_forward_dirty_handler line=401 msg="no session matched"

 

 

 

1.1.png

2 replies

ezhupa
Staff
ezhupa
Staff
November 19, 2025

Hello,

 

Can you add the full trace of the debug flow?
Is the issue on the return packets from the camera itself?
In most cases this issue is seen when the return packet comes to the FGT after a session is already closed or a FIN packet has already been sent.
Not an issue per se on the FGT, but raising session ttl might help.

If the packets ingress and egress the same interface let us know, as this might indicate some other issue entirely.
Hope this helps!

    firewallqvl
    firewallqvlAuthor
    Explorer
    November 20, 2025

    I am sharing the log : https://tinyurl.com/bp83ckaw

    - Thanks you expert.

    esalija
    Staff
    esalija
    Staff
    November 19, 2025

    Hi @ firewallqvl,

     

    Check TCP Half-Close Timer

    - One possible reason for this error is that the session was closed according to the 'tcp-halfclose-timer' before all data was sent.

    - You can extend the TCP half-close timer for the specific port used by your camera.

    - Create a custom firewall service for the port used by the camera.

    - Set the expected tcp-halfclose-timer for the new custom service.
    - Use this custom service in all relevant policies.

    Please check the KB for more details,

    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-the-No-Session-Matched/ta-p/190880

    Best regards,
    Erlin

      firewallqvl
      firewallqvlAuthor
      Explorer
      November 20, 2025

      Thank you for the expert's response. I have looked through the articles about 'no session matched', but unfortunately, they do not apply to my situation.

       

      - config system global: 

      set tcp-halfclose-timer 3600

          set tcp-halfopen-timer 120

      edit 40
              set name "Sgplog.ezvizlife.com"
              set uuid ....
              set srcintf "LAN-Local"
              set dstintf "virtual-wan-link"
              set action accept
              set srcaddr "Texter"
              set dstaddr "all"
              set schedule "always"
              set service "ALL"
              set anti-replay disable
              set logtraffic all
              set auto-asic-offload disable
              set nat enable
              set session-ttl 3600
              set tcp-mss-sender 1200
              set tcp-mss-receiver 1200
              set comments "Policy for camera"
          next
       
       
       
      Terms & ConditionsAccessibility statement