corymrussell
New Member
July 23, 2015
Solved

Session Clash issue


Forgive me if this was posted somewhere else. I did search and didn't find anything that helped. I'm showing a large amount of session clash entries in the log. I'm having trouble deciphering and troubleshooting this problem. Is there anyone who can help shed some light on the issue?

 

Thanks in advance for any help.

diagnose sys session stat
misc info:       session_count=312 setup_rate=8 exp_count=0 clash=63606
        memory_tension_drop=0 ephemeral=0/327680 removeable=0
delete=0, flush=0, dev_down=0/0
TCP sessions:
         165 in ESTABLISHED state
         1 in SYN_SENT state
         8 in TIME_WAIT state
         3 in CLOSE state
         4 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=003ee12c
ids_recv=00bd1a0d
url_recv=00000000
av_recv=0113aa23
fqdn_count=0000001c
tcp reset stat:
        syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

    5 replies

    Jeroen
    New Member
    July 23, 2015

    What kind of traffic does the firewall pass? Is this VoIP or streaming media?

     

    Do you have a logging entry of the clash itself?

    corymrussell
    New Member
    July 23, 2015

    The traffic is trying to reach an email server that was in beta. The IP is no longer live. Out of 12 locations I have two units showing these clashes. In the forward log I'm seeing it in HTTP TCP and IPv6.In.IP.

     

    Sylvia
    Best answer
    Explorer
    July 29, 2015

    Session clash usually indicates NAT port exhaustion. Do you see any messages about this in the traffic log?

    If yes, check your NAT settings.

     

    Sylvia

    selvakumarnarayanan
    New Member
    February 10, 2023

    @Sylvia can you please share how to check NAT port exhaustion?

    Sylvia
    Explorer
    February 10, 2023

    AFAIK there are no specific commands for any NAT tables. But you can find more information about the clashes in the system event log. Here you can see which sessions have clashed (couldn't be natted) and with this you will have some information about which NAT settings have problems.

    corymrussell
    New Member
    July 29, 2015

    Sylvia, Thanks! The issue wasn't in the NAT on the Fortinet units but it was indeed a NAT on another portion of the network. Appreciate your help. It got me in the right direction.
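
An added example, not part of the thread and not Fortinet tooling: a parser for the `diagnose sys session stat` output posted in the question that compares two readings. It assumes `clash` is a running total, so only its growth between snapshots shows whether clashes are still occurring; the second snapshot and the 60-second interval are constructed.

```python
import re

# Constructed sample: counters from the question, flattened the way they were pasted.
SNAPSHOT_1 = (
    "misc info: session_count=312 setup_rate=8 exp_count=0 clash=63606 "
    "memory_tension_drop=0 ephemeral=0/327680 removeable=0 "
    "TCP sessions: 165 in ESTABLISHED state 1 in SYN_SENT state "
    "8 in TIME_WAIT state 3 in CLOSE state 4 in CLOSE_WAIT state "
    "tcp reset stat: syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0"
)
# Constructed second reading, imagined 60 seconds later (values are made up).
SNAPSHOT_2 = SNAPSHOT_1.replace("clash=63606", "clash=63726").replace(
    "session_count=312", "session_count=330")

KV_RE = re.compile(r"\b([A-Za-z_][\w-]*)=(\d+)\b")   # decimal key=value pairs
STATE_RE = re.compile(r"(\d+) in ([A-Z_]+) state")   # "165 in ESTABLISHED state"


def parse_session_stat(text):
    """Extract the session counters and TCP state counts.

    Works on both the multi-line and the flattened form of the output,
    because it matches tokens rather than relying on line layout.
    """
    counters = {k: int(v) for k, v in KV_RE.findall(text)}
    states = {name: int(n) for n, name in STATE_RE.findall(text)}
    return {
        "clash": counters["clash"],
        "session_count": counters["session_count"],
        "setup_rate": counters["setup_rate"],
        "tcp_states": states,
    }


def clash_rate(before, after, seconds):
    """Clashes per second between two readings.

    Returns None when the counter went backwards (for example after a
    reboot) or the interval is not positive, instead of a bogus rate.
    """
    delta = after["clash"] - before["clash"]
    if delta < 0 or seconds <= 0:
        return None
    return delta / seconds


if __name__ == "__main__":
    first, second = parse_session_stat(SNAPSHOT_1), parse_session_stat(SNAPSHOT_2)
    print(first)
    print("clashes/sec:", clash_rate(first, second, 60))
```
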

    Contributor
    February 7, 2023