Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Dead Sessions every Week or Two with IE 11 clients

Have a vanilla NAT config on a 60e with firmware 5.6.6 running some Windows servers at a data center. I have my own IP blocks. Everything in the firewall is disabled or on monitor / log only. Have basic VIP's and policies setup, and everything appears to work except this one issue where some IE 11 sessions go dead eventually. Nat is configured to allow the IP to be seen (NAT enabled only on outgoing policy), because I had issues with Bitvise SSH server's IP blocking functionality if I enabled two way NAT. I'm thinking this NAT/No-Nat configuration is my issue, but everything works normally, except this intermittent issue with IE 11 clients. NAT is setup as static with a route to the gateway, and as noted it is enabled only on outgoing policies as to not intefere with Bitvise.


So my client has an auto-refreshing Ajax code and has some users on IE 11 (not by choice), about once every week or two the session dies and then repeatedly tries to re-login automatically (due to their code). There is a zero length response being sent verified by the web logs, which is why I assume the session is dead. Eventually, the problem user/client either logs back in successfully and it works for another week or two, and then the issue recurs again.


Would anyone suggest that I leave my config in NAT mode and try Firmware Updates, or just give up and try Transparent mode + firmware updates?


I'm really wanting to solve this issue in one round, they are extremely sensitive to downtime and maintenance windows are short.



New Contributor

For more info, this configuration below is very close to what I am using:


The only real difference between my config and the config from the above Fortinet explanation, is instead of sending one source to one destination, I have multiple VIP destinations in the dest address (so same as image below, except where it says Destination Address: Fortimail Gateway, I am using Destination Address: VIP1, VIP2, VIP3, etc...

That is the only difference I can see between Fortinet's recommendation and the way I have my setup configured, but then I have that IE 11 issue with sessions once per week.



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors