New Contributor

Azure IPsec communication problems



We have a scenario with an IPsec tunnel to Azure. We are facing some communication problems between an on-premises Microsoft AD and a Microsoft AD in the Azure cloud; this communication runs over port tcp/135. We found that a session on tcp/135 stays online after a successful communication attempt, and it works again only when we clear this session.

This is an example of such a session that remains:


session info: proto=6 proto_state=05 duration=5040 expire=2 timeout=0 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=8
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=toAZURE/ helper=dcerpc vlan_cos=0/255
user=ADMINISTRATOR auth_server=FSSO1 state=dirty may_dirty npu acct-ext
statistic(bytes/packets/allow_err): org=892/9/1 reply=1128/8/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=0->0/0->0 gwy=
hook=pre dir=org act=noop>
hook=post dir=reply act=noop>
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=43 auth_info=0 chk_client_info=0 vd=1
serial=29f1cf6b tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000 ngfwid=n/a
dd_type=0 dd_mode=0
npu_state=0x3100000
npu info: flag=0x00/0x00, offload=0/0, ips_offload=0/0, epid=0/0, ipid=0/0, vlan=0x0000/0x0000
vlifid=0/0, vtag_in=0x0000/0x0000 in_npu=0/0, out_npu=0/0, fwd_en=0/0, qid=0/0
no_ofld_reason: helper


We run version 6.2.3.


Any idea how we can solve it?

Esteemed Contributor III



Do a CLI "show firewall policy 43" and drop the output here.


Do you have any weird UTM settings? Are you using any custom-service? I see a duration of 5k plus; that seems odd, to say the least, for proto 6. I have never seen that before.


Have you run "diag debug flow"? Diag debug flow is your first step in diagnostics.


Is the problem the same client? Have you compared its netstat statistics for established TCP sessions?


Can you get off 6.2.3? You're at least 4+ revisions behind.


Ken Felix




PCNSE NSE StrongSwan



I excluded the RPC session helper and it worked.


config sys session-helper
    delete 17
end


Thank you.
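
An added example, not part of the original thread: a small Python parser for session records in the format posted above, listing sessions that are still bound to a session helper after a long time, so the same check can be run before and after the helper is removed. The second sample record, the function names and the one-hour threshold are constructed assumptions.

```python
import re

# Constructed sample: the first record reuses fields from the session posted in
# the thread; the second record (serial 29f1d001) is made up for contrast.
SAMPLE = """\
session info: proto=6 proto_state=05 duration=5040 expire=2 timeout=0 flags=00000000
class_id=0 ha_id=0 policy_dir=0 tunnel=toAZURE/ helper=dcerpc vlan_cos=0/255
misc=0 policy_id=43 auth_info=0 chk_client_info=0 vd=1
serial=29f1cf6b tos=ff/ff app_list=0 app=0 url_cat=0
no_ofld_reason: helper

session info: proto=6 proto_state=01 duration=12 expire=3590 timeout=3600 flags=00000000
class_id=0 ha_id=0 policy_dir=0 tunnel=toAZURE/ vlan_cos=0/255
misc=0 policy_id=43 auth_info=0 chk_client_info=0 vd=1
serial=29f1d001 tos=ff/ff app_list=0 app=0 url_cat=0
"""

# key=value pairs; keys with an empty value (e.g. "gwy=") are skipped.
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_sessions(text):
    """Split a session dump into records; return one dict of fields per record."""
    records = []
    for chunk in re.split(r"(?m)^(?=session info:)", text):
        if chunk.strip():
            records.append(dict(FIELD.findall(chunk)))
    return records


def stale_helper_sessions(text, helper="dcerpc", min_duration=3600):
    """Return (serial, policy_id, duration) for sessions bound to `helper`
    whose duration is at least min_duration seconds (threshold is an assumption)."""
    hits = []
    for rec in parse_sessions(text):
        if rec.get("helper") != helper:
            continue
        duration = int(rec.get("duration", 0))
        if duration >= min_duration:
            hits.append((rec.get("serial"), rec.get("policy_id"), duration))
    return hits


if __name__ == "__main__":
    for serial, policy, duration in stale_helper_sessions(SAMPLE):
        print(f"serial={serial} policy_id={policy} duration={duration}s helper=dcerpc")
```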
