Hello, I have a problem with my FortiVM FW , some of my ussers from a remote warehouse get conection properly but the next 5 seconds it drop off. It only happens in this warehouse. Policy permits traffic to the VPN host and port 10443. And as I can see in the logs, it has matched in and out.
We have fortigate VM FGVM
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I would recommend to sniff traffic "diag sniffer packet any 'host <destination IP address>' 6 0 a". It may give a hint why client is sending RST packet.
Where should i run this diag, in my fortiauthenticator or host were get the reset from client?
Hello,
On FortiGate side (VDOM level if applicable).
Hello @gvasquezn
Try increasing the timeout value in the matching firewall policy and see if that helps.
# config firewall policy
# edit 1
# set session-ttl 1500
# end
regards,
Sheikh
this gave me this mesage.
FGVM4VTM23001983 (policy) # edit 1
new entry '1' added
FGVM4VTM23001983 (1) # set session-ttl 1500
FGVM4VTM23001983 (1) # end
Attribute 'srcintf' MUST be set.
Command fail. Return code -56
The firewall policy itself allowed the traffic, otherwise client-RST could not happen.
Check if you have any relevant UTM profiles enabled in that policy (ID 196 based on the log).
If none, then the FortiGate is unlikely to be at fault. You will need to run a packet capture of both sides (as abarushka suggestted) and figure out what's wrong there on the application layer.
Given the number of packets sent, my initial random guess would be some issue during early TLS handshake. Not enough bytes for a certificate to be finished sending over, so maybe mismatch in TLS version and/or ciphersuite? Anyway, the pcap will hopefully answer that.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.