FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
Article Id 276640
Description This article describes how to troubleshoot and resolve the 'Connection failed' issue in the FortiGate Threat Feeds connector and the 'you have been logged out' issue in FortiSOAR, which may occur periodically when integrating multiple FortiGates.
Scope FortiSOAR.

Troubleshooting Steps:

  1. Review Logs for QueuePool Overflow: Check the logs for 'QueuePool limit of size 5 overflow 10 reached' errors. These errors may indicate that the connection pool is being exhausted.

[root@CNFORTISOAR ~]# tail -100 /var/log/cyops/cyops-auth/das.log


 If these errors are seen, it is likely related to the exhaustion of connections in the QueuePool.


  1. Adjust QueuePool Settings: Navigate to the file '/opt/cyops-auth/utilities/das.ini' and update the 'poolsiz'  and 'maxoverflow' settings to increase the pool size. For example:




 Save the changes to the file.


  1. Restart the cyops-auth Service:  Execute the following command to restart the 'cyops-auth' service:


# systemctl restart cyops-auth


  1. Check FortiGate Threat Feeds Configuration: Review the FortiGate Threat Feeds configuration to ensure that the 'refresh-rate' has been configured appropriately. By default, the refresh rate is set to 5 minutes. Consider increasing the polling interval to a longer duration and observe if the issue persists after this change.