BensonLEI
New Member
October 26, 2022
Solved

"session clashed" issue in SDWAN configuration


Hi, guys,

I am using a FortiGate 400E with FortiOS v7.0.3, with an SD-WAN configuration of 3 internet lines; the line information is the following:

1. line1 = 100.100.100.0/24 (a VIP mapping: 100.100.100.10 NATed to 10.16.6.35)
2. line2 = 111.111.111.0/24 (a VIP mapping: 111.111.111.11 NATed to 10.16.6.35)
3. line3 = 222.222.222.0/24 (a VIP mapping: 222.222.222.22 NATed to 10.16.6.35)

The SD-WAN service for these 3 lines: mode (load-balance, hash-mode=round-robin)

A customer IP: 134.96.54.129

"Session clashed" is found as below:

1: date=2022-10-25 time=12:22:50 eventtime=1666671770025306040 tz="+0800" logid="0100020085" type="event" subtype="system" level="information" vd="root" logdesc="Session clashed" status="clash" proto=6 msg="session clash"
new_status="state=00010200 tuple-num=2 policyid=85 dir=0 act=2 hook=0 134.96.54.129:29656->111.111.111.11:18889(10.16.6.35:18889) dir=1 act=1 hook=4 10.16.6.35:18889->134.96.54.129:29656(111.111.111.11:18889)"
old_status="state=00010200 tuple-num=2 policyid=85 dir=0 act=2 hook=0 134.96.54.129:29656->222.222.222.22:18889(10.16.6.35:18889) dir=1 act=1 hook=4 10.16.6.35:18889->134.96.54.129:29656(222.222.222.22:18889)"

Any advice/recommendation?

Many thanks in advance.

BensonLEI

Best answer by alif

Hi @BensonLEI

It's actually good to have session clash messages generated, as it allows you to know if NAT port exhaustion is happening. AFAIK, there is no way to disable these messages.


jintrah_FTNT
Staff
October 26, 2022

Hi,

Here the source port and destination port are the same in both of the sessions originated from 134.96.54.129, causing the clash, as the NAT table would not be able to differentiate and determine the return traffic from each VIP if they existed together, to forward to the same source. You should ideally check options to fix the source to generate some randomness if it needs to simultaneously create (2 or more) sessions, or have one session at a time using the same sport and dport.

Best regards,

Jin
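Added example, not part of the thread and not Fortinet code: a small Python parser for the "Session clashed" event quoted above. It unwraps the key=value fields, pulls the per-direction flow entries out of new_status and old_status, and compares the post-DNAT 5-tuple of the originating (dir=0) flow in each. Because both VIPs (111.111.111.11:18889 and 222.222.222.22:18889) translate to 10.16.6.35:18889, the two sessions collapse to the identical tuple (proto 6, 134.96.54.129:29656 -> 10.16.6.35:18889), which is Jin's point about the same sport and dport from the same source. Assumptions: the event is re-joined onto one line the way FortiGate emits it (the post shows it wrapped over three lines), and the second, non-clash sample line is constructed purely to show that it is skipped.

```python
import re

# Constructed sample: the session-clash event quoted in the thread, re-joined onto
# one line the way FortiGate emits it (the post shows it wrapped over three lines).
SAMPLE_LOG = (
    'date=2022-10-25 time=12:22:50 eventtime=1666671770025306040 tz="+0800" '
    'logid="0100020085" type="event" subtype="system" level="information" vd="root" '
    'logdesc="Session clashed" status="clash" proto=6 msg="session clash" '
    'new_status="state=00010200 tuple-num=2 policyid=85 dir=0 act=2 hook=0 '
    '134.96.54.129:29656->111.111.111.11:18889(10.16.6.35:18889) dir=1 act=1 hook=4 '
    '10.16.6.35:18889->134.96.54.129:29656(111.111.111.11:18889)" '
    'old_status="state=00010200 tuple-num=2 policyid=85 dir=0 act=2 hook=0 '
    '134.96.54.129:29656->222.222.222.22:18889(10.16.6.35:18889) dir=1 act=1 hook=4 '
    '10.16.6.35:18889->134.96.54.129:29656(222.222.222.22:18889)"'
)

# Constructed non-clash event (not a real FortiGate record), used only to show
# that explain_clash() ignores anything without status="clash".
NON_CLASH_LOG = (
    'date=2022-10-25 time=12:23:00 type="event" subtype="system" level="information" '
    'vd="root" logdesc="Constructed sample event" msg="not a clash"'
)

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# One flow entry inside new_status/old_status:
#   dir=<d> act=<a> hook=<h> src:sport->dst:dport(xaddr:xport)
# For dir=0 the parenthesised pair is the post-DNAT destination (the VIP's real
# server); for dir=1 it is the source as the client sees it (the VIP itself).
FLOW_RE = re.compile(
    r'dir=(?P<dir>\d) act=(?P<act>\d) hook=(?P<hook>\d) '
    r'(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)'
    r'\((?P<xaddr>[\d.]+):(?P<xport>\d+)\)'
)


def parse_fields(line):
    """Split a FortiGate key=value log line into a dict, unwrapping quoted values."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def parse_status(status):
    """Parse a new_status/old_status value into (header dict, list of flow dicts)."""
    header = {}
    for key in ("state", "tuple-num", "policyid"):
        m = re.search(re.escape(key) + r"=(\S+)", status)
        if m:
            header[key] = m.group(1)
    return header, [m.groupdict() for m in FLOW_RE.finditer(status)]


def post_nat_tuple(proto, flows):
    """5-tuple the session table keys on once the VIP has rewritten the destination."""
    orig = next(f for f in flows if f["dir"] == "0")
    return (proto, orig["src"], orig["sport"], orig["xaddr"], orig["xport"])


def explain_clash(line):
    """Return None for non-clash events; otherwise describe the colliding tuple."""
    rec = parse_fields(line)
    if rec.get("status") != "clash":
        return None
    new_hdr, new_flows = parse_status(rec["new_status"])
    _, old_flows = parse_status(rec["old_status"])
    new_orig = next(f for f in new_flows if f["dir"] == "0")
    old_orig = next(f for f in old_flows if f["dir"] == "0")
    new_key = post_nat_tuple(rec["proto"], new_flows)
    old_key = post_nat_tuple(rec["proto"], old_flows)
    return {
        "policyid": new_hdr.get("policyid"),
        "new_vip": f'{new_orig["dst"]}:{new_orig["dport"]}',
        "old_vip": f'{old_orig["dst"]}:{old_orig["dport"]}',
        "post_nat_tuple": new_key,
        "same_post_nat_tuple": new_key == old_key,
    }


if __name__ == "__main__":
    for entry in (SAMPLE_LOG, NON_CLASH_LOG):
        info = explain_clash(entry)
        if info is None:
            print("skipped: not a session clash")
            continue
        print(f"policy {info['policyid']}: new VIP {info['new_vip']} vs old VIP {info['old_vip']}")
        print("post-NAT tuple", info["post_nat_tuple"],
              "is identical" if info["same_post_nat_tuple"] else "differs")
```

Run over an exported event log, the same_post_nat_tuple flag separates clashes caused by several VIPs fronting one real server and port (as here) from clashes where the tuples differ before translation; counting clash events per source address over time is the simplest way to tell one client reusing its source port apart from the broad NAT port exhaustion alif mentions.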

BensonLEI (Author)
New Member
October 26, 2022

Hi, Jin,

Thanks so much for your advice.

May I know if there is any configuration to fix this problem on the FortiGate, since internet users cannot be configured/controlled?

Thanks a lot

BensonLEI

jintrah_FTNT
Staff
October 26, 2022

Hi,

Please see Technical Tip: Explanation of the session clash me... - Fortinet Community. At some point there may be the same tuple formation, and it may be unavoidable with uncontrollable users from the internet generating traffic at the same time, but then the source may reconnect again using a different source port.

Best regards,

Jin