Not applicable
Created on 04-26-2010 11:27 AM
NAT Port is Exhausted
Getting the Alert "NAT Port is Exhausted" in our log. It's listed as critical and nothing on our Firewall is showing any hiccups. 1240B with v4.0,build0272,100331 (MR2)
12 REPLIES 12
Not applicable
Created on 04-28-2010 01:39 PM
bump
I've not seen one of these before. Have you opened a ticket with Fortinet Support?
-TJ
Not applicable
Created on 05-05-2010 06:45 AM
Yes I have this too on several boxes since upgrading to 4.0MR2. I opened a support ticket. First they said I needed a bigger nat pool, so I tried that. Alert persisted. I tried several other things--traffic shaping with per ip connection limits, blocking some high-connection apps, etc--alert still persists. Then they said that the situation has always been occurring, but that a code change in 4.0MR2 is making the alert visible now. Ok--so what's going on? No answer. Instead, they opened a bug ticket for me but declined to say if or when it would be fixed and that I would have no access to find out the status of the bug in their mantis system. Bug # is 123511. Maybe if some other affected users open tickets they will look into it?
Geoff
Not applicable
Created on 05-11-2010 10:36 AM
I get the error about 3 times a day on my 80C running dual WAN connections for an office with about 50 computers in it. We only sustain about 100K of Internet traffic, and about 1 to 4 SSL vpns at any given time.
I opened a ticket today.
Just saw this message for the first time today on a FortiWiFi-60B running 4.0 MR2. Only have a few active devices and a couple hundred sessions max.
Also seeing these error messages. When I look at the number of sessions total on my firewall though there is only about 6000. How can I possibly be exhausting a nat pool if the total sessions the firewall recognizes is 10% of what a single address can supply for port availability? I must be missing something here.
Geom,
your NAT pool is not related to the number of concurrent sessions your firewall is handling. I'll see if I can find out more about Fortinet's internal bug id.
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
I opened a ticket and received this:
With regards to the error message "NAT port is exhausted".
The issue is caused by bug #123511. The bug fix is already submitted and will be released with 4.2.2 (expected end of July). In the meantime, no workaround is necessary since the bug does not affect performance.
It would be interesting to know how to identify if a nat pool is in fact oversubscribed, and how to tell which one though. If anyone knows that would be a great help.