ssh and telnet disconnect after about 15s
Hi,
I'm having an issue with CLI sessions using ssh and telnet. Whenever I try to connect to a Fortinet or a switch behind the Fortigate, it disconnects my session after about 15s. The web session on the Fortigate stays connected, but neither ssh nor telnet does. I tried changing the timeout settings on the Fortigate. It didn't help. I'm sitting behind a Fortigate that has an IPsec tunnel with the Fortigate that I'm trying to connect to. Any settings on the IPsec tunnel? Any suggestions?
Thanks.
There is no setting on Fortigate to cause an ACTIVE ssh session to disconnect every other second/minute. The only setting like set admintimeout relates to ssh/web admin sessions, but even then only for IDLE sessions, not active ones.
Is it possible you have SD-WAN + IPsec? If so, then it could be that the FGT is balancing your ssh over multiple VPN tunnels and this causes the issue. In that case you can try setting SD-WAN to the preserve-session setting.
tcp-mss size is my 1st thought. Since you are using an ipsec-tunnel, you have a policy, right? Go into the CLI mode and set the tcp-mss receive and retest.
http://socpuppet.blogspot.com/2013/05/tcp-mss-adjusment-fortigate-style.html
Also, please tell me you're not using telnet for management ;)
Ken Felix
PCNSE
NSE
StrongSwan
Thanks for your replies. Let me go ahead and adjust tcp-mss and test what happens. I was just testing "telnet" to see if I have the same issue.
Forgot to mention that it stays connected as long as I type.
Man, that last post update makes me believe you have session-ttl set, and if you go idle the session is timed out. If you do a "diag debug flow" and find the policy and services, make sure someone didn't hack the service session-ttl to some weird idle timeout.
Ken Felix
PCNSE
NSE
StrongSwan
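
Where the settings raised in this thread live in the FortiOS CLI, as an added reference example that is not from any of the posters. The policy ID 10 and the MSS value 1350 are constructed placeholders, and lines starting with # are annotations, not commands.

```fortios
# 1. Look for idle-timeout (session-ttl) overrides, from global to most specific.
show system session-ttl
show firewall service custom | grep -f session-ttl
show firewall policy | grep -f session-ttl

# 2. Inspect a live SSH session through the firewall.
#    In the output, "timeout=" is the ttl applied to the session and
#    "expire=" counts down while the session is idle.
diagnose sys session filter clear
diagnose sys session filter dport 22
diagnose sys session list

# 3. If an override turns up on the matching policy (placeholder ID 10),
#    remove it so the policy falls back to the global session-ttl.
config firewall policy
    edit 10
        unset session-ttl
    next
end

# 4. The tcp-mss adjustment suggested earlier in the thread is set on the
#    policy that carries the tunnel traffic (1350 is a placeholder value).
config firewall policy
    edit 10
        set tcp-mss-sender 1350
        set tcp-mss-receiver 1350
    next
end
```

A session that drops only when idle and survives while typing points at steps 1 to 3 rather than at MSS, which affects large packets regardless of idle time.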
