Forgive me if this was posted somewhere else. I did search and didn't find anything that helped. I'm showing a large amount of session clash entries in the log. I'm having troubles deciphering and trouble shooting this problem. Is there anyone who can help shed some light on the issue?
Thanks in advance for any help. diagnose sys session stat misc info: session_count=312 setup_rate=8 exp_count=0 clash=63606 memory_tension_drop=0 ephemeral=0/327680 removeable=0 delete=0, flush=0, dev_down=0/0 TCP sessions: 165 in ESTABLISHED state 1 in SYN_SENT state 8 in TIME_WAIT state 3 in CLOSE state 4 in CLOSE_WAIT state firewall error stat: error1=00000000 error2=00000000 error3=00000000 error4=00000000 tt=00000000 cont=003ee12c ids_recv=00bd1a0d url_recv=00000000 av_recv=0113aa23 fqdn_count=0000001c tcp reset stat: syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0 global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Session clash usually indicates NAT port exhaustion. Do you see any messages about this in the traffic log?
If yes, check your NAT settings.
Sylvia
What for kind of traffic does the firewall pass? Is this VoIP or streaming media?
Do you have a logging entry of the clash itself?
The traffic is trying to reach an email server that was in beta. The IP is no longer live. Out of 12 locations I have two units showing these clashes. In the forward log I'm seeing it in HTTP TCP and IPv6.In.IP
Session clash usually indicates NAT port exhaustion. Do you see any messages about this in the traffic log?
If yes, check your NAT settings.
Sylvia
@Sylviacan you please share how to check NAT port exhaustion.
AFAIK there are no specfic commands for any NAT tables. But you can find more information abouth the clashes in the system event log. Here you can see which sessions have clashed (couldn't be natted) and with this you will have some information which NAT-settings has problems.
Sylvia, Thanks! The issue wasn't in the NAT on the fortinet units but it was indeed a NAT on another portion of the network. Appreciate your help. It got me in the right direction.
This reference may be helpful to understand what is session clash:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.