Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- RE: Firewall has reached its session limit for x ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Firewall has reached its session limit for x seconds!
Can someone elaborate the effects of running out of sessions on firewall? Other than content filtering stopping for new sessions what other effects are there. Does using Traffic shaping greatly affect the session count? Will it eventually cause traffic issues with users that are not content filtered? I presume the answer is yes but need to confirm this.
Thanks,
Pat 
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' d like to see a response from someone who really knows the technical issues with this (that' s not me), but I can confirm from recent personal experience that web content filtering stops and SSL VPN tunnels seem to drop (thats been a major problem for us). I believe AV and IDS are affected as well, but again we' ll let the experts chime in on that.
Not sure what model you have, but we' ve got dozens of 60Bs and these have been riddled with these connection limit messages. In some cases it " may" be justified (we' re upgrading to higher-end models), but in many others it just seems like it' s a firmware issue (can' t be having such problems with so few users; 15-20!?!)... Keep an eye out for comments here about firmware issues causing this problem - I think I' ve seen some of that as well. Good luck...
Michael Bruck
Michael Bruck
Not applicable
Created on 03-26-2010 02:15 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We get this all of the time as well. Have about 15 60B' s with 15-20 users at each site. We were having issues with users not being able to access any websites once the connection limit was reached. Seems like a firmware update has fixed that most of the time. Now, we have various symptoms after hitting the connection limit ranging from not being able to access any websites again to users not being filtered at all to HTTP 500 errors.
We have opened support cases a couple times to see if we can prevent this from happening. However, reaching support and talking to a live person is challenging sometimes. We opened a new case regarding memory use/connection limit just over a week ago with nothing concrete other than the technician didn' t see anything obvious and referred us to a basic troubleshooting document suggesting that our ISP is blocking DNS requests and other ports.
However, rebooting the Fortigate seems to alleviate the problem until the connection limit is reached again. It is very frustrating.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Gene,
What build are you running on the 60b' s?
I have one that has about 40 users running FortiGate 3.00 MR7 Patch Release 9 (0753). We get some session limits but no critical failures like yours. We run WebFiltering, AV and IPS.
Troy
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, there were some issues on 50b and 60b' s as a result of a too file AV signature file.
Here are some optimizations:
1) session timers
config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set udp-idle-timer 60
end
config system session-ttl
set default 300
end
2) Lower AV thresholds
in protection profile
set memory threshold naar 2 MB en pass for oversize.
3) change the fortiguard TTL:
config system fortiguard
set webfilter-cache-ttl 500
set antispam-cache-ttl 500
end
4) change DNS cache:
config system dns
set dns-cache-limit 300
end
5) disable DNS forwarding:
config system dns
unset fwdintf
end
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had these issues with the 80c, it reached connection limit about twice every hour, with around 10 users, i did upgrade to 4.0 Mr1 Patch 4 yeasterday, and all problems were gone 
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a FWF80CM on a 4MB internet connection with about 65 users. I have been getting the same error message. I opened a ticket with fortinet support and they are still researching the issue. " SecureLayers-Eric" - I have done what you have outlined and have disabled all AV, no go. I just have IPS, WF and application control. Watchguard is looking really good right now!
All,
The one thing that I have noticed after upgrading to 4.0MR1 patch 4 is that everytime I change a application control policy (GUI or ssh) it will kick in session limit error message. Anyone else having this issue?
Not applicable
Created on 03-30-2010 01:29 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. I' m considering upgrade to 4.0 mr1 patch 4. Does anyone else solved the problem of " connection limit" with this update?
BTW: changing max ttl is not always best solution it depends on enviroment ( in my case users are filling forms and it takes awfully long time to do that, so in the end when they submit the form they get session timeout)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FYI, after seven days with tech support I was told that they have no idea why the device is doing this and to flash the firmware and reload my config. :( not a good solution if you ask me.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,697 -
FortiClient
1,763 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
471 -
FortiClient EMS
432 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
245 -
FortiAuthenticator v5.5
234 -
IPsec
209 -
FortiWeb
205 -
5.0
196 -
FortiNAC
189 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
103 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
96 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
Certificate
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
Fortinet Engage Partner Program
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
API
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1712 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.