look at this
I have 1000's of these blocks for many different destinations with many different sources on my network.
The one thing they all have in common: they have no session id.
Why is that?
one of the ISP's IP's in the pool
What do you mean one of the IP's in the pool? A dirty forward is an indication something is out of whack. Also if you look at the id 3251/3253, it's a duplicate (same item appears again); that looks out of whack also.
And yes on the FIN it's a FIN-ACK, but again a topology layout for what you have would be helpful. Something is not being relayed to explain the dirty-forward.
Fortinet also has a KB out on one cause that relies on tcp-half-close; you might want to read & explore that, but I would look at your CLI cmd show full firewall policy <id#> and check if you have any custom-service built for port-80 and something weird set.
reference this KB
http://kb.fortinet.com/kb/viewContent.do?externalId=FD36021&sliceId=1
PCNSE
NSE
StrongSwan
And FWIW here's a better example of the same, with the option to extend the tcp-half-close timer in sys global or the fw policy:
http://kb.fortinet.com/kb/viewContent.do?externalId=FD36429
FWIW, the firewall policy method trumps the sys global setting.
Here's the v5.2.11 global settings:
FGT60DSOC (global) # show full sys global | grep tcp
    set reset-sessionless-tcp disable
    set tcp-halfclose-timer 120
    set tcp-halfopen-timer 10
    set tcp-option enable
    set tcp-timewait-timer 1
The custom service tcp-close count should be "0" which means to use the system global setting.
I hope that helps.
Ken
PCNSE
NSE
StrongSwan
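An added example, not code from this thread or from Fortinet: a small Python checker that applies the precedence described in the post above (a custom service's TCP timer overrides the system global when it is non-zero; 0 means use the global). The global output is the v5.2.11 snippet from the post; the custom-service block and the service names are constructed, and the per-service timer names are assumed to match those in `config firewall service custom`.

```python
import re

# 'show full sys global | grep tcp' from the thread (FortiOS 5.2.11), one setting per line.
GLOBAL_OUTPUT = """\
    set reset-sessionless-tcp disable
    set tcp-halfclose-timer 120
    set tcp-halfopen-timer 10
    set tcp-option enable
    set tcp-timewait-timer 1
"""

# Constructed 'config firewall service custom' output: a port-80 service (hypothetical name)
# that overrides the half-close timer, and one that leaves every timer at 0 (use global).
SERVICE_OUTPUT = """\
config firewall service custom
    edit "HTTP-custom"
        set tcp-portrange 80
        set tcp-halfclose-timer 30
        set tcp-halfopen-timer 0
        set tcp-timewait-timer 0
    next
    edit "HTTP-default"
        set tcp-portrange 80
        set tcp-halfclose-timer 0
    next
end
"""

TIMERS = ("tcp-halfclose-timer", "tcp-halfopen-timer", "tcp-timewait-timer")

def parse_cli(text):
    """Map each 'edit "name"' block (top-level lines are keyed 'global') to its 'set key value' pairs."""
    blocks, name = {}, "global"
    for line in text.splitlines():
        edit = re.match(r'^\s*edit\s+"([^"]+)"', line)
        if edit:
            name = edit.group(1)
        setting = re.match(r'^\s*set\s+(\S+)\s+(.+?)\s*$', line)
        if setting:
            blocks.setdefault(name, {})[setting.group(1)] = setting.group(2)
    return blocks

def effective_timers(global_cfg, service_cfg):
    """Per-service value wins when non-zero; 0 (or absent) means fall back to the system global."""
    return {t: int(service_cfg.get(t, 0)) or int(global_cfg[t]) for t in TIMERS}

def overriding_services(services):
    """Services with any non-zero timer, i.e. the ones silently overriding the global setting."""
    return sorted(n for n, s in services.items() if any(int(s.get(t, 0)) for t in TIMERS))
```

Run `overriding_services(parse_cli(SERVICE_OUTPUT))` against a real `show firewall service custom` dump to list the port-80 services worth checking first.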