We recently migrated our Sage 300 database to a new server run on a different VLAN from the one the workstations are on. Previously, all the workstations and servers were on the same VLAN and we are moving towards network segmentation for improved security. A policy was created on our FortiGate 100F to allow traffic between the workstation and server VLANs with restrictions on the port types and security profiles (AV, IPS, SSL) in place.
Since the migration, our users have been occasionally (multiple times per day) getting errors (I/O error. pervasive status code 3112. failure during receive from the target server) when running the Sage 300 client. These errors seem to correspond with excessive "TCP reset from client" errors in the logs from that policy. They are able to close the application, go back in, then successfully resume what they are doing but it is becoming disruptive.
I tried turning off the port restrictions but that didn't make a difference. I want to try turning off SSL inspection (based on other articles I have read, shouldn't be necessary) but the GUI won't allow me to do so. I am loath to turn off the AV and IPS security profiles but may try that next.
Does anyone out there have any ideas or suggestions?
Hello,
This can happen if MTU settings are different between the server and workstations. Make sure that the MTU settings on both the server and workstations are the same and try to disable SSL inspection and UTM. Also, make sure that the FortiGate policy is in flow-based mode.
kumarh,
Thanks for the response. I can tell you that the policy is in flow-based mode, I have already disabled SSL inspection (policy set to no inspection), and there is no UTM on the policy. I will work to check the MTU size for the server (it is a VM) and the workstation.
..... and I just verified that both the server and workstation MTU sizes are set to 1500. Any other ideas?
Is there a way to use the FortiGate or FortiSwitch to test the quality of the physical connection between the server and workstation? The workstations running the Sage 300 client are on a different switch than the server and there is a fiber connection between the two switches using non-Fortinet brand transceivers (always wondered if that might be a problem).
Copyright 2024 Fortinet, Inc. All Rights Reserved.