Description | This article describes how to analyze a session Clash event in FortiGate that occurred due to misconfiguration. |
Scope | FortiGate. |
Solution |
Below is a scenario where FortiGate has triggered session clash events.
Session clash events can occur when two sessions are received with the same source and destination IPs and ports. In most cases, traffic initiated by the endpoints causes such events, but in the scenario below a misconfiguration in FortiGate has triggered the event.
Logs:
msg="session clash"
As the above logs show, the incoming source public IP is being translated: the public IP is NATed to the interface IP, which is the same address, 192.168.0.1, in both sessions. This is why the firewall treats the traffic as a session clash.
Hence, NAT should be disabled on the incoming VIP policies to prevent such events on the FortiGate.
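As an added illustration, which is not part of the original article, the following FortiOS CLI fragment shows an inbound VIP policy with source NAT enabled, which produces the behaviour described above, beside the corrected policy with NAT disabled, followed by the diagnose commands used to confirm that inbound sessions keep their original source addresses. The VIP name, policy ID, interface names, the external IP and the server IP are assumed values for the example; only the interface IP 192.168.0.1 comes from the article.

```fortios
# Added example (not from the article). Assumed names: VIP "vip_web", policy 10,
# interfaces wan1/lan, server 192.168.0.10, external IP 203.0.113.10.
# The interface IP 192.168.0.1 is the one quoted in the article.

# Destination NAT object: external 203.0.113.10:443 -> internal server 192.168.0.10:443
config firewall vip
    edit "vip_web"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.0.10"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end

# Misconfigured inbound policy: "set nat enable" adds source NAT on top of the VIP,
# so every external client is rewritten to the lan interface IP 192.168.0.1.
# Two clients reaching the same VIP port then collide on the same tuple -> "session clash".
config firewall policy
    edit 10
        set name "inbound_web_bad"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "vip_web"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end

# Corrected inbound policy: NAT disabled, the VIP alone performs the destination
# translation and the server sees each client's real public source IP.
config firewall policy
    edit 10
        set name "inbound_web"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "vip_web"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
    next
end

# Verification: list the sessions reaching the server and check that the
# source address in the "dir=org" line is the client's public IP, not 192.168.0.1.
diagnose sys session filter clear
diagnose sys session filter dst 192.168.0.10
diagnose sys session filter dport 443
diagnose sys session list
```

After applying the corrected policy, the session list should show only an `act=dnat` translation for inbound connections; an `act=snat` entry on the same session indicates source NAT is still being applied and the policy still has NAT enabled.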
Related article: Technical Tip: Explanation of the session clash message.
Copyright 2025 Fortinet, Inc. All Rights Reserved.