Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎04-28-2008 12:28 PM

Idle connections freeze or lock RDP and MySQL

We have a problem with a HA FortiGate-300 cluster. The cluster is in transparant mode. We have found that if we leave a command line mysql client open and idle, it will become locked out after a couple of minutes. It doesn' t disconnect, it just hangs on the next query as the tcp connection has gone away. We see something similar with Remote Desktop connections through the FortiGate. If left idle for a while, the connection will go away. RDP will recover, but the desktop will be frozen for about a minute. As the FG is in transparant mode, I assume session time-outs don' t come into play, or do they?
1633
0 Kudos
3 REPLIES 3
abelio
SuperUser
SuperUser

Created on ‎04-28-2008 07:15 PM

As the FG is in transparant mode, I assume session time-outs don' t come into play, or do they?
Timeouts play even in TP mode, but you' re talking about couple of minutes, a very short timeout. Defaults are higher (3600 sec), so it seems to be another issue. Check table sessions in dashboard and play with ' config system session-ttl' CLI command for your protocols, i.e, for rdp standard 3389/tcp port: 
 config system session-ttl
         config port
             edit 3389
                 set timeout 7200
             next
         end
 end

regards




/ Abel

regards / Abel
1054
0 Kudos
Not applicable

Created on ‎04-29-2008 02:00 AM

Abel, You did however hit the nail on the head. Either the default changed or the previous admin (I inherited this setup from a takeover) had some interesting ideas... 
 config system session-ttl
     set default 300
         config port
             edit 22
                 set timeout 3600
             next
         end
 end
1054
0 Kudos
abelio
SuperUser
SuperUser
In response to

Created on ‎04-29-2008 06:42 AM

interesting, maybe your previous admin tried to react to ' The system has entered conserve mode' message for a overloaded box; there' s an kc' s article (http://kc.forticare.com/default.asp?id=1076) where one of the emergency settings was set default timeout to 300 sec. Or the emergency became permanent or you' ve inherited the box meanwhile; maybe the cluster was the way to solve the overload, or maybe earlier admin ' had some interesting ideas... ' best regards,

regards




/ Abel

regards / Abel
1054
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.