leericky
New Member
May 7, 2018
Question

Samba app having timeout problem


Hi guys,

I'm having an issue at one of my customers with Samba file sharing after using a FortiGate 200D running FortiOS 5.4.1.

I'm not sure at first if the FortiGate causes this issue, but this issue never comes up when the user tests accessing Samba without the FortiGate.

So after some time accessing the Samba server, the user seems to lose access to the Samba server. They cannot save the file they just worked on and have to reconnect to the Samba server to recover their connection. It's like the connection timed out after some time.

I have opened a ticket but they cannot find anything in the log. I'm in a desperate situation as to how to troubleshoot it further and am hoping any of you guys have any insight into what to do.

Regards,

Ricky


    Toshi_Esumi
    SuperUser
    May 7, 2018

    Does it seem to happen about 60 min or later after the last access? Then try adjusting session-ttl for the TCP ports Samba uses. You can find how in many places.

    leericky (Author)
    New Member
    May 8, 2018

    toshiesumi wrote:

    Does it seem to happen about 60 min or later after the last access? Then try adjusting session-ttl for the TCP ports Samba uses. You can find how in many places.

    Tried that. Still nothing changed.

    darwin_FTNT
    Staff
    May 8, 2018

    FortiGate firmware version?

    Is there any UTM profile in use, like ipsengine?

    How long is the session kept open? (Sessions have an expiry timer.)

    Memory usage? Some sessions could be garbage collected if memory is low.

    Monitor the sessions with 'diag sys session list' to make sure the session connections are still open (you can see the expiry left). Another option, as mentioned, is to increase the session-ttl timeout (config system session-ttl --> set default 3600, in seconds). If the session is deleted, existing traffic will not pass through the firewall (you can replicate this with 'diag sys session clear').

    You can also try:

    1. config system global --> anti-replay --> disable

    2. config system settings --> tcp-session-without-syn --> disable (this could help re-create the TCP session midway)
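
Added example (not part of any post in this thread and not Fortinet code): a small Python script that reads saved 'diag sys session list' output and lists the TCP sessions to the Samba ports whose expiry timer is close to running out, which is the check described in the last reply. The sample text is constructed and trimmed to the fields the script reads; the function names and the 10% threshold are assumptions.

```python
import re

SMB_PORTS = {139, 445}  # TCP ports used by Samba/SMB

# Constructed, trimmed sample in the shape of 'diag sys session list' output.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=3480 expire=120 timeout=3600 flags=00000000
state=may_dirty
hook=pre dir=org act=noop 192.168.1.110:51514->10.1.1.5:445(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.1.5:445->192.168.1.110:51514(0.0.0.0:0)

session info: proto=6 proto_state=01 duration=15 expire=3590 timeout=3600 flags=00000000
state=may_dirty
hook=pre dir=org act=noop 192.168.1.111:40022->10.1.1.5:445(0.0.0.0:0)

session info: proto=17 proto_state=00 duration=2 expire=178 timeout=180 flags=00000000
hook=pre dir=org act=noop 192.168.1.110:5353->10.1.1.9:53(0.0.0.0:0)
"""

INFO = re.compile(r"proto=(\d+) .*?expire=(\d+) timeout=(\d+)")
ORG = re.compile(r"dir=org \S+ ([\d.]+):(\d+)->([\d.]+):(\d+)")

def smb_sessions(text):
    """Return one dict per TCP session whose destination port is an SMB port."""
    found = []
    for block in text.split("session info:"):
        info, flow = INFO.search(block), ORG.search(block)
        if not info or not flow or int(info.group(1)) != 6:
            continue  # empty chunk, unparsable block, or not TCP
        dport = int(flow.group(4))
        if dport not in SMB_PORTS:
            continue
        found.append({"src": flow.group(1), "dst": flow.group(3), "dport": dport,
                      "expire": int(info.group(2)), "timeout": int(info.group(3))})
    return found

def near_expiry(sessions, fraction=0.1):
    """Sessions with less than `fraction` of their timeout left before removal."""
    return [s for s in sessions if s["expire"] < s["timeout"] * fraction]

if __name__ == "__main__":
    for s in near_expiry(smb_sessions(SAMPLE)):
        print(f'{s["src"]} -> {s["dst"]}:{s["dport"]} '
              f'expires in {s["expire"]}s (timeout {s["timeout"]}s)')
```

Running it against captures taken a few minutes apart shows whether an idle Samba session's expire value counts down to zero at about the time users lose their connection.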