Hi,
We found a lot of session clashes in the events. These session clashes are mostly traffic from SSLVPN to internal, as we did NAT using the interface from the SSLVPN tunnel to internal. I know that a session clash is caused by PAT exhaustion. But concurrent sessions are no more than 4000, so how come the PAT is exhausted, since there are 60,416 available port numbers per IP?
Is there any impact caused by this clash? I found some traffic from the VPN is dropped, but I am not sure whether it is caused by this clash or not.
========
diagnose sys session stat
misc info: session_count=4621 setup_rate=14 exp_count=75 clash=69693
    memory_tension_drop=0 ephemeral=0/1114112 removeable=0 npu_session_count=166 nturbo_session_count=138
    delete=14194, flush=26, dev_down=113/221 ses_walkers=0
TCP sessions:
     75 in NONE state
     997 in ESTABLISHED state
     4 in SYN_SENT state
     18 in SYN_RECV state
     21 in FIN_WAIT state
     65 in TIME_WAIT state
     30 in CLOSE state
     13 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=0000994b
error3=00000000
error4=00000000
tt=00000000
cont=01c41e2a
ids_recv=0df477ce
url_recv=00000000
av_recv=02d895bb
fqdn_count=0000002b
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
========
Does anyone here have any ideas?
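The diagnostic output quoted in the post, pulled apart by a small parser so that the `clash` counter can be related to session churn and to the session-table headroom the other counters report. This is an added example, not a Fortinet tool and not code from the original post. The sample text is the quoted `diagnose sys session stat` output re-wrapped onto the lines the CLI prints; reading `clash` as a session setup whose translated tuple collided with an existing entry, and approximating sessions created as `session_count + delete`, are assumptions and are marked as such in the code.

```python
import re

# Constructed sample: the `diagnose sys session stat` output quoted in the post,
# re-wrapped onto the lines the FortiGate CLI normally prints.
SAMPLE = """misc info: session_count=4621 setup_rate=14 exp_count=75 clash=69693
    memory_tension_drop=0 ephemeral=0/1114112 removeable=0 npu_session_count=166 nturbo_session_count=138
    delete=14194, flush=26, dev_down=113/221 ses_walkers=0
TCP sessions:
     75 in NONE state
     997 in ESTABLISHED state
     4 in SYN_SENT state
     18 in SYN_RECV state
     21 in FIN_WAIT state
     65 in TIME_WAIT state
     30 in CLOSE state
     13 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=0000994b
error3=00000000
error4=00000000
tt=00000000
cont=01c41e2a
ids_recv=0df477ce
url_recv=00000000
av_recv=02d895bb
fqdn_count=0000002b
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
"""

SECTION_RE = re.compile(r"(misc info:|TCP sessions:|firewall error stat:|global:)")
KV_RE = re.compile(r"(\w+)=([0-9a-fA-F]+(?:/[0-9]+)?)")
STATE_RE = re.compile(r"(\d+) in (\w+) state")


def _number(raw, base=10):
    """Parse one counter; 'used/limit' pairs such as ephemeral=0/1114112 become tuples."""
    if "/" in raw:
        used, limit = raw.split("/", 1)
        return int(used, base), int(limit, base)
    return int(raw, base)


def parse_session_stat(text):
    """Split the command output into its four sections and return typed counters."""
    parts = SECTION_RE.split(text)
    # parts = ['', 'misc info:', body, 'TCP sessions:', body, ...] -> header/body pairs
    sections = dict(zip(parts[1::2], parts[2::2]))
    misc = {k: _number(v) for k, v in KV_RE.findall(sections.get("misc info:", ""))}
    tcp = {state: int(n) for n, state in STATE_RE.findall(sections.get("TCP sessions:", ""))}
    # The firewall error counters are printed as zero-padded hex, so parse them base 16.
    errors = {k: _number(v, 16) for k, v in KV_RE.findall(sections.get("firewall error stat:", ""))}
    glob = {k: _number(v) for k, v in KV_RE.findall(sections.get("global:", ""))}
    return {"misc": misc, "tcp_states": tcp, "errors": errors, "global": glob}


def clash_summary(stats, clash_ratio_alert=1.0):
    """Relate the clash counter to session churn and report table headroom.

    Assumption (not stated by the command output itself): 'clash' counts session
    setups whose translated tuple collided with an existing entry. A ratio of
    clashes to sessions created that is well above zero therefore means the NAT
    port choice toward the same destination is being retried very often.
    """
    misc = stats["misc"]
    live, deleted, clash = misc["session_count"], misc["delete"], misc["clash"]
    # Assumption: sessions created since the counters last reset ~= live + deleted.
    setups = live + deleted
    ratio = clash / setups if setups else 0.0
    eph_used, eph_limit = misc["ephemeral"]
    findings = []
    if ratio >= clash_ratio_alert:
        findings.append(f"clash/setup ratio {ratio:.2f}: NAT tuple collisions outnumber sessions created")
    if misc["memory_tension_drop"]:
        findings.append("memory_tension_drop > 0: sessions were dropped under memory pressure")
    return {
        "live_sessions": live,
        "clash": clash,
        "clash_per_setup": round(ratio, 3),
        "ephemeral_pct": 100.0 * eph_used / eph_limit if eph_limit else 0.0,
        "tcp_established": stats["tcp_states"].get("ESTABLISHED", 0),
        "findings": findings,
    }


if __name__ == "__main__":
    summary = clash_summary(parse_session_stat(SAMPLE))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports roughly 3.7 clashes per session created, which is the figure worth opening a support case with: the clash counter is not bounded by the 4,621 live sessions or by the 60,416 ports per NAT IP, so it should be compared with churn (`delete`) rather than with the concurrent session count.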
Copyright 2024 Fortinet, Inc. All Rights Reserved.