jse_ainsley
New Contributor II

Are excessive TCP reset errors related to application errors?

We recently migrated our Sage 300 database to a new server run on a different VLAN from the one the workstations are on. Previously, all the workstations and servers were on the same VLAN and we are moving towards network segmentation for improved security. A policy was created on our FortiGate 100F to allow traffic between the workstation and server VLANs with restrictions on the port types and security profiles (AV, IPS, SSL) in place.

Since the migration, our users have been occasionally (multiple times per day) getting errors (I/O error. pervasive status code 3112. failure during receive from the target server) when running the Sage 300 client. These errors seem to correspond with excessive "TCP reset from client" errors in the logs from that policy. They are able to close the application, go back in, then successfully resume what they are doing but it is becoming disruptive.

I tried turning off the port restrictions but that didn't make a difference. I want to try turning off SSL inspection (based on other articles I have read, shouldn't be necessary) but the GUI won't allow me to do so. I am loath to turn off the AV and IPS security profiles but may try that next.

Does anyone out there have any ideas or suggestions?

kumarh
Staff

Hello,

This can happen if MTU settings are different between the server and workstations. Make sure that the MTU settings on both the server and workstations are the same and try to disable SSL inspection and UTM. Also, make sure that the FortiGate policy is in flow-based mode.

jse_ainsley
New Contributor II

kumarh,

Thanks for the response. I can tell you that the policy is in flow-based mode, I have already disabled SSL inspection (policy set to no inspection), and there is no UTM on the policy. I will work to check the MTU size for the server (it is a VM) and the workstation.

jse_ainsley
New Contributor II

..... and I just verified that both the server and workstation MTU sizes are set to 1500. Any other ideas?

Is there a way to use the FortiGate or FortiSwitch to test the quality of the physical connection between the server and workstation? The workstations running the Sage 300 client are on a different switch than the server and there is a fiber connection between the two switches using non-Fortinet brand transceivers (always wondered if that might be a problem).
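
The link the thread's first post draws between the Sage 300 errors and the "TCP reset from client" entries on the policy can be checked against the logs directly. The following is an added example, not part of any post in this thread: it assumes traffic logs exported in FortiGate key=value form, and the addresses, port, policy id and report times are all constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records in FortiGate key=value traffic-log style; the
# addresses, port and policy id are made up, not taken from the thread.
SAMPLE_LOG = """\
date=2024-03-04 time=09:12:41 type="traffic" subtype="forward" srcip=10.10.20.31 dstip=10.10.30.5 dstport=1583 policyid=14 action="client-rst" duration=912 sentbyte=48120 rcvdbyte=90311
date=2024-03-04 time=09:40:03 type="traffic" subtype="forward" srcip=10.10.20.31 dstip=10.10.30.5 dstport=1583 policyid=14 action="close" duration=35 sentbyte=2210 rcvdbyte=4100
date=2024-03-04 time=11:05:17 type="traffic" subtype="forward" srcip=10.10.20.44 dstip=10.10.30.5 dstport=1583 policyid=14 action="client-rst" duration=3 sentbyte=620 rcvdbyte=540
date=2024-03-04 time=13:27:58 type="traffic" subtype="forward" srcip=10.10.20.31 dstip=10.10.30.5 dstport=1583 policyid=14 action="client-rst" duration=1804 sentbyte=70233 rcvdbyte=151002
date=2024-03-04 time=13:30:00 type="traffic" subtype="forward" srcip=10.10.20.31 dstip=10.10.30.9 dstport=445 policyid=15 action="client-rst" duration=2 sentbyte=300 rcvdbyte=200
"""

# Constructed user reports: (workstation IP, time the Sage 300 error appeared).
REPORTS = [("10.10.20.31", "2024-03-04 09:13:10"),
           ("10.10.20.31", "2024-03-04 13:28:20"),
           ("10.10.20.44", "2024-03-04 15:00:00")]

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
FMT = "%Y-%m-%d %H:%M:%S"

def client_resets(log_text, policy_id):
    """Return client-rst traffic records logged against one policy."""
    out = []
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in PAIR.findall(line)}
        if rec.get("policyid") == str(policy_id) and rec.get("action") == "client-rst":
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], FMT)
            out.append(rec)
    return out

def correlate(resets, reports, window_s=120):
    """Match each report to resets from the same source IP within window_s seconds."""
    window = timedelta(seconds=window_s)
    matched, used = {}, set()
    for ip, when in reports:
        t = datetime.strptime(when, FMT)
        hits = [i for i, r in enumerate(resets)
                if r["srcip"] == ip and abs(r["ts"] - t) <= window]
        matched[(ip, when)] = [resets[i]["time"] for i in hits]
        used.update(hits)
    unexplained = [r["time"] for i, r in enumerate(resets) if i not in used]
    return matched, unexplained

if __name__ == "__main__":
    matched, unexplained = correlate(client_resets(SAMPLE_LOG, 14), REPORTS)
    print(matched, unexplained)
```

Reports with no nearby reset, and resets with no nearby report, are the cases that argue against the resets being the cause of the application error.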
