rambo007
New Member
January 28, 2025
Question

Safari briefly loses connection to FortiManager 7.4.x


Anyone seen a problem using FMG from Safari on macOS where you occasionally (every few minutes) get a message saying connection to FMG was lost, usually counts down for a few seconds then reconnects? It's likely related to a TCP keep-alive because it doesn't happen when I'm interacting, only when I'm idle for a few minutes. I'm just not sure if I should adjust Mac or FMG side. I only see this in FMG but it never happens on Windows machines, even using Safari.

4 replies

Anthony_E
Staff
January 31, 2025

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
February 3, 2025

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Best Regards
Anthony_E
Staff
February 6, 2025

Hello,

 

May I invite you to open a ticket with our support?

https://support.fortinet.com/welcome/#/

 

Regards,

Best Regards
jairsilva88
New Member
March 5, 2026

This is not a Safari bug and not a firewall issue.

After running packet captures, we confirmed that FortiManager closes the HTTPS connection after ~15 seconds of idle time (server sends TCP FIN). The GUI session itself remains valid, but the underlying TCP socket is terminated.

Safari aggressively reuses persistent connections (keep-alive / HTTP/2). When the server closes the idle socket, the SPA-based GUI loses context and appears to drop. Chrome and Firefox reopen connections more frequently, which masks the issue.

We confirmed the root cause by continuously sending a GET request to:

/fmgui/session-live

If a request is sent every 10 seconds, the issue disappears completely.


Workaround (Safari – Userscripts extension)

Until the HTTPS idle timeout behavior is adjusted on FortiManager, you can implement a keepalive using Userscripts in Safari.

Step 1 – Install Userscripts

Install the Userscripts extension from the Mac App Store and enable it in:

Safari → Settings → Extensions → Userscripts

Step 2 – Create a New Script

Create a new script with the following configuration:

Match URL:

https://<your-fmg-address>/*

Run at: document-idle

Step 3 – Paste This Script

// ==UserScript==
// @name         FortiManager KeepAlive
// @match        https://<your-fmg-address>/*
// @grant        none
// @run-at       document-idle
// ==/UserScript==

(function () {
    const INTERVAL = 10000; // 10 seconds

    setInterval(() => {
        if (!document.hidden && document.cookie.includes("APSCOOKIE")) {
            fetch('/fmgui/session-live?_=' + Date.now(), {
                method: 'GET',
                credentials: 'include'
            });
        }
    }, INTERVAL);
})();

Replace <your-fmg-address> with your actual FortiManager hostname or IP address.


Result

  • A GET request is sent every 10 seconds.
  • The HTTPS connection never becomes idle.
  • FortiManager does not send TCP FIN.
  • The GUI remains stable.

This workaround resolved the issue 100% in our environment.

Long term, it may be worth reviewing the HTTPS daemon idle timeout and HTTP/2 handling behavior with Safari on FortiManager.
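
A variant of the keepalive above, added here as an example and not part of the post or of Fortinet's code: it stops pinging once no keyboard or pointer input has been seen for MAX_IDLE_MS, so an unattended but visible tab does not hold the connection open indefinitely. The endpoint, cookie name and 10-second interval come from the post; createKeepAlive, MAX_IDLE_MS and its 15-minute value are assumptions.

```javascript
// Added example: keepalive that lapses after a period with no user input.
// Use it as the script body under the same ==UserScript== header as above.
const INTERVAL_MS = 10000;            // same 10-second cadence as the post
const MAX_IDLE_MS = 15 * 60 * 1000;   // assumption: 15 minutes without input

// Pure scheduler: every browser dependency is injected so it can be tested.
function createKeepAlive({ ping, now, isHidden, hasSession, maxIdleMs }) {
  let lastActivity = now();
  let sent = 0;
  return {
    noteActivity() { lastActivity = now(); },
    tick() {
      // Same gate as the original script: visible tab and a session cookie.
      if (isHidden() || !hasSession()) return 'skipped';
      // New gate: no input for longer than maxIdleMs, let the socket idle out.
      if (now() - lastActivity > maxIdleMs) return 'idle-expired';
      ping();
      sent += 1;
      return 'sent';
    },
    sentCount() { return sent; },
  };
}

// Browser wiring; skipped when the file is loaded outside a page.
if (typeof document !== 'undefined') {
  const ka = createKeepAlive({
    ping: () => fetch('/fmgui/session-live?_=' + Date.now(), {
      method: 'GET',
      credentials: 'include',
      cache: 'no-store',
    }).catch(() => {}),               // a failed ping must not throw in the page
    now: () => Date.now(),
    isHidden: () => document.hidden,
    hasSession: () => document.cookie.includes('APSCOOKIE'),
    maxIdleMs: MAX_IDLE_MS,
  });
  // Any of these events counts as the operator still being present.
  for (const evt of ['keydown', 'pointerdown', 'pointermove', 'wheel']) {
    document.addEventListener(evt, ka.noteActivity, { passive: true, capture: true });
  }
  setInterval(ka.tick, INTERVAL_MS);
}
```

Set MAX_IDLE_MS at or below the idle timeout configured for administrators so the keepalive never outlives it.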