Hello all, hoping someone has seen this one before and could shed some light on it.
We have a Fortigate 500E that is performing NAT on a policy, downstream from this FG is another firewall, when a client opens a session out, we see the session/flow exist on both firewalls and correct bidirectional traffic, great.
Now the issue comes along where if the FG 500E receives a RST packet from the server, to abort the connection it closes it's NAT translation but does not relay that RST packet downstream towards the client, as such the flow/session on the downstream firewall remains active and the client believes the connection is still active, causing an application to hang/timeout instead of knowing about the disconnect.
We have confirmed via tap/capture between the FG 500E and the downstream firewall that the fortigate is never sending on that RST, instead it just ceases forwarding traffic so the client nor firewall never knows the connection is dead.
IPS is on in monitor mode, Fortinet support suggested turning this off, so we're going to do that on this policy and see if that makes a difference...., other than that there's nothing funny in play, standard NAT policy and it all works normally unless a RST is received from the server side ( we know this is an issue too and the vendor in question is working on that, we should be seeing a FIN on a normal close, their app is crashing ).
Any ideas?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I think it would be a good idea to remove security profiles, and add them to see if any are interfering.
Have you made a debug flow? Do the logs give you any clues? Maybe you can get something out of it
Alexis_Esp wrote:We removed IPS and inspection, the issue still occurs. We're thinking this is related to the firewall being on a stick, and source nat on the same NPU... it looks like this has been an issue in the past across multiple versions....Hello,
I think it would be a good idea to remove security profiles, and add them to see if any are interfering.
Have you made a debug flow? Do the logs give you any clues? Maybe you can get something out of it
Hello,
you can edit some parameters of the NPUs if I remember correctly, and so you can isolate the problem.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.