Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dkcho
New Contributor

Firewall not sending Keepalive packet

I have strange symptoms. The server sends a keepalive packet, but it cannot export from the firewall (300E v6.2.2). The sniffer shows only incoming packets, not outgoing packets.


Message content from the sniffer: keepalive packets are sent 10 times from the server to the firewall (there are ten ACK packets). However, the firewall only sees packets coming into the Trust interface (not outgoing packets). The server sends 10 packets, then sends RST and drops it.


I want to know, and I am asking for help:

Why does the firewall not send keepalive packets? Why doesn't the firewall or FAZ tell you that you have dropped the session? (There is no related message.)


Thanks

3 REPLIES
ekrishnan
Staff

Hi,


You will have to disable NPU offloading in the firewall policy which is allowing this traffic in order to see a full capture.


Further, a deep analysis should be done on the capture taken on the receiving end to observe what happens before the keepalive packets are received.


Is the TCP connection stopped by a non-sequential RST packet or a challenge ACK packet?

EK
Toshi_Esumi
Esteemed Contributor III

Also, make sure your IPsec phase1 config doesn't have "set dpd disable". I'm not sure of the default setting for DPD.


Toshi

srajeswaran
Staff

Can you take a pcap of those keepalive packets and check if the destination MAC is that of the FortiGate interface? If for some reason the destination MAC is incorrect, the firewall will drop it and you won't see it in the logs, but the sniffer will show it.

ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Packets-seen-under-diagnose-sniffer-output...

Regards,

Suraj
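As an added example (not from the thread or from Fortinet), a small pure-Python check of the point above: parse a libpcap file and list the frames whose destination MAC is not the FortiGate interface MAC. The interface MAC, the server MAC and the capture itself are constructed placeholders built inline so the check runs offline; point it at a real capture with `find_misaddressed(open(path, "rb").read(), iface_mac)`.

```python
import struct

FGT_MAC = "00:09:0f:aa:bb:cc"    # assumed FortiGate interface MAC (placeholder)
STALE_MAC = "00:09:0f:11:22:33"  # assumed stale/wrong destination MAC (placeholder)


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def build_pcap(dst_macs):
    """Build a constructed libpcap file (little-endian, Ethernet link type)
    with one minimal Ethernet frame per destination MAC."""
    src = mac_bytes("00:50:56:01:02:03")  # constructed server MAC
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, dst in enumerate(dst_macs):
        frame = mac_bytes(dst) + src + b"\x08\x00" + b"\x00" * 46
        # per-packet header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def dst_macs(pcap):
    """Yield the destination MAC of every frame in a libpcap capture."""
    # magic 0xA1B2C3D4 stored little-endian reads as d4 c3 b2 a1
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        yield ":".join(f"{b:02x}" for b in frame[:6])


def find_misaddressed(pcap, iface_mac):
    """Return the indices of frames whose destination MAC is not the
    interface MAC; such frames are dropped silently and never logged."""
    iface = iface_mac.lower()
    return [i for i, mac in enumerate(dst_macs(pcap)) if mac != iface]


if __name__ == "__main__":
    cap = build_pcap([FGT_MAC, STALE_MAC, FGT_MAC])
    print("misaddressed frames:", find_misaddressed(cap, FGT_MAC))
```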
