Forgive me if this was posted somewhere else. I did search and didn't find anything that helped.
I'm showing a large amount of session clash entries in the log. I'm having troubles deciphering and trouble shooting this problem. Is there anyone who can help shed some light on the issue?
Thanks in advance for any help.
diagnose sys session stat
misc info: session_count=312 setup_rate=8 exp_count=0 clash=63606
memory_tension_drop=0 ephemeral=0/327680 removeable=0
delete=0, flush=0, dev_down=0/0
165 in ESTABLISHED state
1 in SYN_SENT state
8 in TIME_WAIT state
3 in CLOSE state
4 in CLOSE_WAIT state
firewall error stat:
tcp reset stat:
syncqf=278 acceptqf=0 no-listener=3216 data=0 ses=0 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
The traffic is trying to reach an email server that was in beta. The IP is no longer live. Out of 12 locations I have two units showing these clashes.
In the forward log I'm seeing it in HTTP TCP and IPv6.In.IP
AFAIK there are no specfic commands for any NAT tables. But you can find more information abouth the clashes in the system event log. Here you can see which sessions have clashed (couldn't be natted) and with this you will have some information which NAT-settings has problems.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.