Hi, guys,
I am using a FortiGate 400E with FortiOS v6.4.2, with a VIP configuration (VIP port forwarding + NAT enabled).
I found the "no session matched" event log as below.
Session captured (public IPs are modified):
id=20085 trace_id=41913 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:45742->111.111.111.248:18889) from port2. flag [F.], seq 3948000680, ack 1192683525, win 229"
id=20085 trace_id=41913 func=resolve_ip_tuple_fast line=5720 msg="Find an existing session, id-5e847d65, original direction"
id=20085 trace_id=41913 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=41913 func=ip_session_run_all_tuple line=6922 msg="DNAT 111.111.111.248:18889->10.16.6.35:18889"
id=20085 trace_id=41913 func=ip_session_run_all_tuple line=6910 msg="SNAT 100.100.100.154->10.16.6.254:45742"
id=20085 trace_id=41914 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 10.16.6.35:18889->10.16.6.254:45742) from Server_V166. flag [F.], seq 1192683525, ack 3948000681, win 453"
id=20085 trace_id=41914 func=resolve_ip_tuple_fast line=5720 msg="Find an existing session, id-5e847d65, reply direction"
id=20085 trace_id=41914 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=41914 func=ip_session_run_all_tuple line=6922 msg="DNAT 10.16.6.254:45742->100.100.100.154:45742"
id=20085 trace_id=41914 func=ip_session_run_all_tuple line=6910 msg="SNAT 10.16.6.35->111.111.111.248:18889"
id=20085 trace_id=41915 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:38914->111.111.111.248:18889) from port2. flag [.], seq 3102714127, ack 2930562475, win 296"
id=20085 trace_id=41915 func=vf_ip_route_input_common line=2598 msg="find a route: flag=80000000 gw-111.111.111.248 via root"
id=20085 trace_id=41915 func=ip_session_core_in line=6296 msg="no session matched"
id=20085 trace_id=41916 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:38354->111.111.111.248:18889) from port2. flag [.], seq 829094266, ack 2501027776, win 229"
id=20085 trace_id=41916 func=vf_ip_route_input_common line=2598 msg="find a route: flag=80000000 gw-111.111.111.248 via root"
id=20085 trace_id=41916 func=ip_session_core_in line=6296 msg="no session matched"
The above "no session matched" is not like the case in this article (not matching the VIP policy):
Technical Tip: Troubleshooting VIP (port forwardin... - Fortinet Community
But the issue is similar to this article:
Technical Tip: Return traffic for IPSec VPN tunnel... - Fortinet Community
Any root cause of this issue? Any recommendation to fix it?
Many thanks
Benson
Since three WAN links are formed into an SD-WAN link, is the issue as the following article mentioned?
Solved: Re: fortigate 100E sd-wan problem - Fortinet Community
Thx
Hello,
In your case, we would need to see traffic for this session:
100.100.100.154:38914->111.111.111.248:18889
There are a couple of things that could happen: the session was closed because the timeout expired, or the session was closed properly before and this packet is out of order and came a few seconds later. Another option is that the session was cleared incorrectly, but for that, we would need the full session (from when the session was established) to see what the flow is exactly.
The issue is fixed by the "auxiliary session":
1. New Features | FortiGate / FortiOS 6.2.0 | Fortinet Documentation Library
2. Technical Tip: Policy Routing Enhancements for Tra... - Fortinet Community
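An added example, not part of the original thread and not Fortinet code: a small Python parser that groups debug flow lines like those quoted in the first post by trace_id and lists the packets that ended in "no session matched", so the exact 5-tuple can be pulled out for a follow-up capture. The function names and the embedded sample (a subset of the lines from the post) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the debug flow lines quoted in the thread.
SAMPLE = r'''
id=20085 trace_id=41913 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:45742->111.111.111.248:18889) from port2. flag [F.], seq 3948000680, ack 1192683525, win 229"
id=20085 trace_id=41913 func=resolve_ip_tuple_fast line=5720 msg="Find an existing session, id-5e847d65, original direction"
id=20085 trace_id=41915 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:38914->111.111.111.248:18889) from port2. flag [.], seq 3102714127, ack 2930562475, win 296"
id=20085 trace_id=41915 func=ip_session_core_in line=6296 msg="no session matched"
id=20085 trace_id=41916 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=6, 100.100.100.154:38354->111.111.111.248:18889) from port2. flag [.], seq 829094266, ack 2501027776, win 229"
id=20085 trace_id=41916 func=ip_session_core_in line=6296 msg="no session matched"
'''

LINE_RE = re.compile(r'id=\d+ trace_id=(?P<trace>\d+) func=(?P<func>\S+) line=\d+ msg="(?P<msg>.*)"\s*$')
PKT_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+), (?P<src>[\d.]+):(?P<sport>\d+)->'
    r'(?P<dst>[\d.]+):(?P<dport>\d+)\) from (?P<iface>\S+?)\. flag \[(?P<flags>[^\]]*)\]')

def parse_traces(text):
    """Group debug flow lines by trace_id; record packet tuple, session id, match result."""
    traces = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a debug flow line
        t = traces.setdefault(int(m['trace']), {'pkt': None, 'session': None, 'unmatched': False})
        msg = m['msg']
        pkt = PKT_RE.search(msg)
        if pkt:
            t['pkt'] = pkt.groupdict()
        elif msg.startswith('Find an existing session'):
            t['session'] = msg.split(',')[1].strip()  # e.g. "id-5e847d65"
        elif msg == 'no session matched':
            t['unmatched'] = True
    return traces

def unmatched_packets(text):
    """Return (trace_id, 'src:sport->dst:dport', tcp_flags, ingress_iface) for unmatched packets."""
    out = []
    for tid, t in parse_traces(text).items():
        if t['unmatched'] and t['pkt']:
            p = t['pkt']
            out.append((tid, f"{p['src']}:{p['sport']}->{p['dst']}:{p['dport']}", p['flags'], p['iface']))
    return out

if __name__ == '__main__':
    for row in unmatched_packets(SAMPLE):
        print(row)
```

On the sample, both unmatched packets are bare ACKs (flag `[.]`) from source ports other than the one that has a session entry (45742), which is why the reply asks for a capture that covers those specific connections from their start.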