Hi
I have set up automatic backup to a sftp server (move it transfer), scheduled backup works well and the file is transferring to the server as well. But unfortunately the file's size is zero KB.
Tried manual backup to sftp server by using execute backup command in the cli, but result is same.
Firewall has multiple vdom.
Attached the captured packet screenshot for the reference
Thnaks inadvance
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Moosi
Thank you for updating your query.
As per the issue, description SFTP backup schedule back works well however transferred file size is zero.
May I know which SFTP platform are you using and what is FortiOS version?
Did you try backup on a different platform?
In the syn packet, we see the MSS 1460 and server-side MSS 1380. For the highlighted data transfer we are not receiving any ack packet from the server side.
You can reduce the MSS on the FortiGate to avoid fragmentation.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Please follow below reference link to understand the TCP mss behavior
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Thanks for your advise and suggestion.
To avoid fragmentation, we matched the FortiGate MSS value to the SFTP server value 1380 on the firewall port where the backup trafiic is generating.
config system interface
edit "mgmt2"
set tcp-mss 1380
next
Hi @Moosi
Thank you for updating your query.
As per the issue, description SFTP backup schedule back works well however transferred file size is zero.
May I know which SFTP platform are you using and what is FortiOS version?
Did you try backup on a different platform?
In the syn packet, we see the MSS 1460 and server-side MSS 1380. For the highlighted data transfer we are not receiving any ack packet from the server side.
You can reduce the MSS on the FortiGate to avoid fragmentation.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Please follow below reference link to understand the TCP mss behavior
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Hi @pgautam
Thanks for the reply
SFTP Platform:Move it transfer
FortiOS version:7.2.4
I tried backup on different platform (ftp server) and it is working fine.
Should i reduce MSS or MTU?
Modifications to MTU or MSS affect the network or user sessions?
Hi @Moosi
When you tried backup on a different platform what was the MSS value you observed in the syn and syn+ack packet?
When you reduce MSS on the Fortigate it will rewrite the MSS value in the TCP syn packet.
From the syn+ack packet, we are observing the MSS of server 1380.
To avoid fragmentation you can reduce the MSS in policy.
Since you will be making changes in the policy configuration in this case session might be marked dirty for the re-evaluation.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dirty-session/ta-p/197748
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Thanks for your advise and suggestion.
To avoid fragmentation, we matched the FortiGate MSS value to the SFTP server value 1380 on the firewall port where the backup trafiic is generating.
config system interface
edit "mgmt2"
set tcp-mss 1380
next
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.