Issue with WebSocket Connection Closing Prematurely in My Network Setup
Network Setup Overview:
In my current network setup:

Incoming traffic first reaches the FortiGate firewall (version 7.2.9).
It then passes to the core switch and routes to FortiWeb (version 7.6.1).
From FortiWeb, it goes to an aggregation switch and finally reaches the application via a service HA setup.

We have a published website that uses WebSocket connections for real-time reporting on a specialized application. The WebSocket sends data every 5 seconds to keep the connection alive.

Testing and Actions Taken on Network Devices:

Set session TTL to 1 hour on FortiGate.
Configured the following on FortiWeb:
set tcp-keepidle 300
set tcp-keepintvl 60

Removed the security policy profile from FortiGate.
Set an alert security policy on FortiWeb.
Checked switch traffic for any configurations limiting requests or sessions (found none).

Observations and Issue:

When the WebSocket connection originates locally (within the same VLAN as the server), the connection remains stable and alive for over 10 hours.
When the WebSocket connection comes through a public IP to the server, the connection closes within 2 to 20 minutes .
When the WebSocket connection runs through an IPSec tunnel (e.g., from a branch office), the same issue occurs — the connection closes after 2 to 20 minutes .

Troubleshooting Notes:

I’ve reviewed all relevant configurations but haven’t found any settings explicitly limiting WebSocket connections or affecting session persistence.
The issue seems to occur when traffic originates externally (public IP or over IPSec), but internal traffic is unaffected.

Question:
In your opinion:

How can I determine what’s causing the WebSocket connections to close prematurely in these scenarios?
Are there specific configurations or logs I should be focusing on to identify and resolve this problem?

Any advice would be greatly appreciated!