Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Active Sync event id 1040

Many of our users are using Windows Mobile devices and synchronize their mail, calendar and contacts with ActiveSync over a UMTS/GPRS connection. For the users this works OK, but our Exchange 2007 regularly reports the following event:
Event Type: Warning
Event Source: MSExchange ActiveSync
Event Category: Requests
Event ID: 1040
Computer:
Description: The average of the most recent [496] heartbeat intervals used by clients is less than or equal to [540]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and Direct Push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
This event leads me to the following Microsoft article: http://support.microsoft.com/kb/905013/en-us

According to this article I should change the timeout values of HTTP and HTTPS connections to a recommended timeout of 15 minutes. So I went into the CLI of our Fortigate 200 and used the following commands:
    config system session-ttl
        config port
            edit 80
                set timeout 900
            next
            edit 443
                set timeout 900
        end
    end
But after this configuration change we keep getting these events. Do any of you have experience or suggestions on how to configure our FG 200 to get rid of these events?
g3rman
New Contributor

The default timeout on the Fortigates is 3600 seconds (1 hour). Rather than lowering your timeouts to 15 minutes I would try to increase them, say 4-5 hours maybe.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Not applicable

g3rman, thx for your reply. A "get system session-ttl" on our Fortigate 200 returns a default of 300 (= 5 minutes), but I believe I was a little bit too fast with my forum post, because after I made the changes to the firewall I still got a few 1040 event messages, but they were probably from already active sessions. For the last 45 minutes I haven't received the errors anymore, and before the changes I got them at least every 10 - 15 minutes. So case closed, I guess.
g3rman
New Contributor

Sounds good. For a minute you had me thinking I was high again and reverting back to my old Checkpoint days where the default timeout was 1 hour. But I just verified on various firewalls (from FG60 to FG800) that their default is 1 hour. That's probably what the issue was, somehow your default timeout was set to 5 minutes. My recommendation would be to change your global timeout to 3600 seconds. 5 minutes is a little short.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Not applicable

I checked an FG firewall on another site and it was indeed default on 3600. On the FW that caused the issue I deleted the specific settings for port 80 and 443 and changed the default TTL to 3600.
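
An added example, not part of the original thread or of Fortinet's documentation: a small Python check that parses a `config system session-ttl` block in the form posted above and reports whether ports 80 and 443 end up with an idle timeout below the 900 seconds recommended in the thread. The sample configurations are constructed, and the `set default` line is assumed to follow the same CLI syntax as the posted commands.

```python
# Minimum idle timeout for HTTP(S) sessions: the 15-minute (900 s)
# recommendation cited in the thread.
REQUIRED_TTL = 900

# Constructed sample: the state described before the fix
# (default of 300 seconds, no per-port overrides).
SAMPLE_BEFORE = """\
config system session-ttl
    set default 300
end
"""

# Constructed sample: the per-port overrides from the first post.
SAMPLE_OVERRIDE = """\
config system session-ttl
    set default 300
    config port
        edit 80
            set timeout 900
        next
        edit 443
            set timeout 900
    end
end
"""

def parse_session_ttl(text):
    """Return (default_ttl, {port: timeout}) from a session-ttl block."""
    default_ttl, ports, current = None, {}, None
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["set", "default"] and len(tokens) == 3:
            default_ttl = int(tokens[2])
        elif tokens[:1] == ["edit"] and len(tokens) == 2:
            current = int(tokens[1])          # port being edited
        elif tokens[:2] == ["set", "timeout"] and current is not None:
            ports[current] = int(tokens[2])
        elif tokens[:1] in (["next"], ["end"]):
            current = None
    return default_ttl, ports

def short_ttl_ports(text, check_ports=(80, 443), required=REQUIRED_TTL):
    """Ports whose effective TTL (override, else default) is below required.
    A value of None means the TTL could not be determined from the text."""
    default_ttl, ports = parse_session_ttl(text)
    effective = {p: ports.get(p, default_ttl) for p in check_ports}
    return {p: t for p, t in effective.items() if t is None or t < required}
```
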
Not applicable

Haha, funny! I just saw your signature and see you are the owner of http://firewallguru.blogspot.com. That is the site where I found the commands to change the TTL in the first place. Small world I guess. You are in my bookmarks now ;)
g3rman
New Contributor

Hah .. small world it is ;) Glad it was of use to you.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com