Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
firewallqvl
New Contributor

Created on ‎11-19-2025 01:45 AM

No session matched error, unable to activate the EZVIZ camera.

Hello everyone, hello experts.

I'm currently having an issue with activating an EZVIZ camera. The activation fails and the logs show a 'no session matched' error. I've tried several different methods, but none of them worked.

Is there any way to resolve this issue completely, and which configuration steps should I pay attention to? Does using SD-WAN affect this, and what can I do to allow it?

Thanks you so much!

id=65308 trace_id=430 func=fw_forward_dirty_handler line=401 msg="no session matched"

 

 

 

1.1.png

Labels:
82
0 Kudos
4 REPLIES 4
ezhupa
Staff
Staff

Created on ‎11-19-2025 04:25 AM Edited on ‎11-19-2025 04:35 AM

Hello,

 

Can you add the full trace of the debug flow?
Is the issue on the return packets from the camera itself?
In most cases this issue is seen when the return packet comes to the FGT after a session is already closed or a FIN packet has already been sent.
Not an issue per se on the FGT, but raising session ttl might help.

If the packets ingress and egress the same interface let us know, as this might indicate some other issue entirely.
Hope this helps!

61
firewallqvl
New Contributor
In response to ezhupa

Created on ‎11-19-2025 07:52 PM Edited on ‎11-19-2025 08:40 PM

I am sharing the log : https://tinyurl.com/bp83ckaw

- Thanks you expert.

36
0 Kudos
esalija
Staff
Staff

Created on ‎11-19-2025 04:34 AM

Hi @ firewallqvl,

 

Check TCP Half-Close Timer

- One possible reason for this error is that the session was closed according to the 'tcp-halfclose-timer' before all data was sent.

- You can extend the TCP half-close timer for the specific port used by your camera.

- Create a custom firewall service for the port used by the camera.

- Set the expected tcp-halfclose-timer for the new custom service.
- Use this custom service in all relevant policies.

Please check the KB for more details,

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-the-No-Session-M...

Best regards,
Erlin

59
firewallqvl
New Contributor
In response to esalija

Created on ‎11-19-2025 08:35 PM

Thank you for the expert's response. I have looked through the articles about 'no session matched', but unfortunately, they do not apply to my situation.

 

- config system global: 

set tcp-halfclose-timer 3600

    set tcp-halfopen-timer 120

edit 40
        set name "Sgplog.ezvizlife.com"
        set uuid ....
        set srcintf "LAN-Local"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "Texter"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set anti-replay disable
        set logtraffic all
        set auto-asic-offload disable
        set nat enable
        set session-ttl 3600
        set tcp-mss-sender 1200
        set tcp-mss-receiver 1200
        set comments "Policy for camera"
    next
 
 
 
35
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.