peterk2020
Visitor III
March 23, 2021
Question

ssh and telnet disconnect after about 15s


Hi,

I'm having an issue with CLI sessions using ssh and telnet. Whenever I try to connect to the Fortinet or a switch behind the Fortigate, it disconnects my session after about 15s. The web session on the Fortigate stays connected, but neither ssh nor telnet does. I tried to change the timeout settings on the Fortigate. It didn't help. I'm sitting behind a Fortigate that has an ipsec tunnel with the Fortigate that I'm trying to connect to. Any settings on the IPSEC tunnel? Any suggestions?

 

Thanks.

 

    2 replies

    Yurisk
    SuperUser
    March 23, 2021

    There is no setting on Fortigate to cause an ACTIVE ssh session to disconnect every other second/minute; the only setting, like set admintimeout, relates to ssh/web admin sessions, but even then only for IDLE sessions, not active ones.

    Is it possible you have SD-WAN + IPsec? If so, then it could be that the FGT is balancing your ssh over multiple VPN tunnels and this causes the issue; in that case you can try setting SD-WAN to the preserve-session setting.

     

    emnoc
    New Member
    March 23, 2021

    tcp-mss size is my 1st thought. Since you are using an ipsec-tunnel, you have a policy, right? Go into the cli mode and set the tcp-mss receive and retest.

     

    http://socpuppet.blogspot.com/2013/05/tcp-mss-adjusment-fortigate-style.html

     

     

    Also please tell me you're not using telnet for management ;)

     

    Ken Felix

     

    peterk2020
    Visitor III
    March 25, 2021

    Thanks for your replies. Let me go ahead and adjust tcp-mss and test what happens. I was just testing "telnet" to see if I have the same issue.

    Forgot to mention that it stays connected as long as I type.

    emnoc
    New Member
    March 25, 2021

    Man, that last post update makes me believe you have session-ttl set & if you go idle the session is timed out. If you do a "diag debug flow" and find the policy and services, make sure someone didn't hack the service session-ttl to some weird idle timeout.

     

    Ken Felix
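
The two checks suggested in the replies above (tcp-mss on the tunnel policy, and a session-ttl override on the policy or service), written out as an added FortiOS CLI example that is not from any poster in the thread. `<policy-id>` is a placeholder for the policy carrying the SSH traffic, and the MSS value 1350 is an assumed illustrative value, not one given in the thread.

```fortios
# Lines starting with "#" are notes for the reader, not commands to type.
# <policy-id> is a placeholder: the firewall policy that passes SSH into the IPsec tunnel.

# 1. See what the policy currently has for MSS clamping and session TTL.
config firewall policy
    edit <policy-id>
        get | grep tcp-mss
        get | grep session-ttl
        # 2. Clamp TCP MSS in both directions (1350 is an assumed example value), then retest.
        set tcp-mss-sender 1350
        set tcp-mss-receiver 1350
    next
end

# 3. Look for a session-ttl override on any custom service, and at the system default.
show firewall service custom | grep -f session-ttl
show full-configuration system session-ttl

# 4. While an SSH session is open and idle, list it and compare the
#    expire= and timeout= fields of that session entry.
diagnose sys session filter clear
diagnose sys session filter dport 22
diagnose sys session list
```

Run the checks on both FortiGates, since the session crosses a policy on each end of the tunnel.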