corymrussell
New Contributor

Session Clash issue

Forgive me if this was posted somewhere else. I did search and didn't find anything that helped. I'm showing a large amount of session clash entries in the log. I'm having troubles deciphering and trouble shooting this problem. Is there anyone who can help shed some light on the issue?


Thanks in advance for any help.

diagnose sys session stat
misc info:       session_count=312 setup_rate=8 exp_count=0 clash=63606
        memory_tension_drop=0 ephemeral=0/327680 removeable=0 delete=0, flush=0, dev_down=0/0
TCP sessions:
         165 in ESTABLISHED state
         1 in SYN_SENT state
         8 in TIME_WAIT state
         3 in CLOSE state
         4 in CLOSE_WAIT state
firewall error stat:
error1=00000000 error2=00000000 error3=00000000 error4=00000000
tt=00000000 cont=003ee12c ids_recv=00bd1a0d url_recv=00000000 av_recv=0113aa23 fqdn_count=0000001c
tcp reset stat:
        syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
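The clash counter in `diagnose sys session stat` is cumulative since the last reboot, so a single snapshot (63606 here) says little on its own; what matters is how fast it grows between two samples, read alongside the session count and the TCP reset counters. The script below is an added example, not part of the original post or any Fortinet tool: it parses the output format pasted above into numeric counters and compares two snapshots. The first sample is the poster's own output; the second snapshot and the one-clash-per-second alerting threshold are constructed assumptions for illustration.

```python
import re

# Verbatim counters from the original post, reflowed one section per line.
SAMPLE_STAT = """misc info:       session_count=312 setup_rate=8 exp_count=0 clash=63606
        memory_tension_drop=0 ephemeral=0/327680 removeable=0 delete=0, flush=0, dev_down=0/0
TCP sessions:
         165 in ESTABLISHED state
         1 in SYN_SENT state
         8 in TIME_WAIT state
         3 in CLOSE state
         4 in CLOSE_WAIT state
firewall error stat:
error1=00000000 error2=00000000 error3=00000000 error4=00000000
tt=00000000 cont=003ee12c ids_recv=00bd1a0d url_recv=00000000 av_recv=0113aa23 fqdn_count=0000001c
tcp reset stat:
        syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
"""

# Constructed second snapshot (assumption): same box 60 s later, clash has grown by 90.
SAMPLE_STAT_LATER = SAMPLE_STAT.replace("clash=63606", "clash=63696")

KV_RE = re.compile(r"([A-Za-z0-9_-]+)=([0-9a-fA-F/]+)")
TCP_STATE_RE = re.compile(r"^\s*(\d+) in ([A-Z_]+) state\s*$")

# Assumed threshold: sustained clash growth above this rate is worth a look.
CLASH_RATE_ALERT_PER_SEC = 1.0


def parse_session_stat(text):
    """Return (counters, tcp_states) parsed from 'diagnose sys session stat' output.

    Values like 0/327680 become (used, limit) tuples. The 'firewall error stat'
    section is printed in hex by FortiOS (note cont=003ee12c in the sample), so
    values in that section are parsed base 16; everything else is decimal.
    """
    counters, tcp_states = {}, {}
    section = "misc info"
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.endswith(":"):          # a bare section header such as "TCP sessions:"
            section = stripped[:-1]
            continue
        m = TCP_STATE_RE.match(line)
        if m:
            tcp_states[m.group(2)] = int(m.group(1))
            continue
        base = 16 if section == "firewall error stat" else 10
        for key, value in KV_RE.findall(line):
            if "/" in value:
                used, limit = value.split("/", 1)
                counters[key] = (int(used, base), int(limit, base))
            else:
                counters[key] = int(value, base)
    return counters, tcp_states


def clash_growth(before, after, interval_seconds):
    """Clash is cumulative; return (delta, clashes per second) between two samples."""
    delta = after["clash"] - before["clash"]
    return delta, delta / float(interval_seconds)


def assess(before, after, interval_seconds, tcp_states):
    """Turn two snapshots into a short list of findings for the operator."""
    findings = []
    delta, rate = clash_growth(before, after, interval_seconds)
    if rate > CLASH_RATE_ALERT_PER_SEC:
        findings.append("clash growing at %.1f/s (%d in %ds): check NAT / session clash "
                        "entries in the system event log" % (rate, delta, interval_seconds))
    if after.get("no-listener", 0) > 0:
        findings.append("no-listener resets=%d: traffic reaching ports with no listener"
                        % after["no-listener"])
    used, limit = after.get("ephemeral", (0, 0))
    if limit and used / float(limit) > 0.8:
        findings.append("ephemeral session table %d/%d nearly full" % (used, limit))
    findings.append("%d TCP sessions established" % tcp_states.get("ESTABLISHED", 0))
    return findings


if __name__ == "__main__":
    first, states = parse_session_stat(SAMPLE_STAT)
    second, _ = parse_session_stat(SAMPLE_STAT_LATER)
    for f in assess(first, second, 60, states):
        print("-", f)
```

Run it twice against real output a known interval apart (or feed it two saved copies) and look at the clash rate rather than the absolute counter; in the thread below the clashes turned out to come from NAT elsewhere on the network, which is exactly the kind of thing a steadily climbing rate on only two of twelve units points at.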

1 Solution
Sylvia
Contributor II

Session clash usually indicates NAT port exhaustion. Do you see any messages about this in the traffic log?

If yes, check your NAT settings.


Sylvia


Jeroen
Contributor

What kind of traffic does the firewall pass? Is this VoIP or streaming media?


Do you have a logging entry of the clash itself?

corymrussell
New Contributor

The traffic is trying to reach an email server that was in beta. The IP is no longer live. Out of 12 locations I have two units showing these clashes. In the forward log I'm seeing it in HTTP TCP and IPv6.In.IP



selvakumarnarayanan

@Sylvia can you please share how to check NAT port exhaustion.

Sylvia

AFAIK there are no specific commands for any NAT tables. But you can find more information about the clashes in the system event log. Here you can see which sessions have clashed (couldn't be NATed) and with this you will have some information about which NAT settings have problems.

corymrussell
New Contributor

Sylvia, thanks! The issue wasn't in the NAT on the Fortinet units, but it was indeed a NAT on another portion of the network. Appreciate your help. It got me in the right direction.

Muhammad_Haiqal

This reference may be helpful to understand what a session clash is:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-the-session-clash-message/t...


haiqal