Not applicable

NAT Port is Exhausted

Getting the Alert "NAT Port is Exhausted" in our log. It's listed as critical and nothing on our Firewall is showing any hiccups. 1240B with v4.0,build0272,100331 (MR2)
Not applicable

bump
TopJimmy
New Contributor

I've not seen one of these before. Have you opened a ticket with Fortinet Support?
-TJ
Not applicable

Yes I have this too on several boxes since upgrading to 4.0MR2. I opened a support ticket. First they said I needed a bigger nat pool, so I tried that. Alert persisted. I tried several other things--traffic shaping with per ip connection limits, blocking some high-connection apps, etc-- alert still persists. Then they said that the situation has always been occurring, but that a code change in 4.0MR2 is making the alert visible now. Ok--so what's going on? No answer. Instead, they opened a bug ticket for me but declined to say if or when it would be fixed and that I would have no access to find out the status of the bug in their mantis system. Bug # is 123511. Maybe if some other affected users open tickets they will look into it?
Geoff
Not applicable

I get the error about 3 times a day on my 80C running dual WAN connections for an office with about 50 computers in it. We only sustain about 100K of Internet traffic, and about 1 to 4 SSL vpns at any given time. I opened a ticket today.
jmac
New Contributor

Just saw this message for the first time today on a FortiWiFi-60B running 4.0 MR2. Only have a few active devices and a couple hundred sessions max.
Geom
New Contributor III

Also seeing these error messages. When I look at the number of sessions total on my firewall though there is only about 6000. How can I possibly be exhausting a nat pool if the total sessions the firewall recognizes is 10% of what a single address can supply for port availability? I must be missing something here.
g3rman
New Contributor

Geom, your NAT pool is not related to the number of concurrent sessions your firewall is handling. I'll see if I can find out more about Fortinet's internal bug id.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Geom
New Contributor III

I opened a ticket and received this: With regards to the error message "NAT port is exhausted". The issue is caused by bug #123511. The bug fix is already submitted and will be released with 4.2.2 (expected end of July). In the meantime, no workaround is necessary since the bug does not affect performance.
Geom
New Contributor III

It would be interesting to know how to identify if a nat pool is in fact oversubscribed, and how to tell which one though. If anyone knows that would be a great help.