FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 266914
Description This article describes how to interpret the output 'diag test app wad 21'.
Scope FortiGate.

diag test app wad 21

TCP stats: active=29890 accepts=0 connects=83701245 accept_err=0

    connect_err=87970 bind_fails=0

make_failure=0 connected=83480214



    timer start/timeout=86241156/4177

    TCP port: without_ses_ctx:0



connect_err: This could be caused by source port exhaustion or connection failure.

timeout: This could be another reason that causes disconnection. As mentioned before, the connection will be closed if there is no data in it for a long time (TTL, 1 hour by default).


too_many_write_blocks keep increasing. It means the peer of FortiGate cannot receive the data that is sent from FortiGate in time. The potential cause could be that some clients of the web proxy can not read the data somehow (busy on something else). Or, most of the clients are uploading data to the servers, but the web proxy WAN side upload bandwidth cannot satisfy the requirement.




  1. connect_err: can be fixed by resolving the source port exhaustion issue. Enlarge 'ip-source-port-range' or use IPPool if it is possible.
  2.  too_many_write_blocks: It looks like a condition limitation.
  3.  timeout: It is as expected. Try to enlarge 'system.session-ttl.default'.