Hi,
I'm having an issue with CLI sessions using ssh and telnet. Whenever I try to connect to the Fortinet or a switch behind the Fortigate, it disconnects my session after about 15s. The web session on the Fortigate stays connected, but neither ssh nor telnet does. I tried to change the timeout settings on the Fortigate. It didn't help. I'm sitting behind a Fortigate that has an ipsec tunnel with the Fortigate that I'm trying to connect to. Any settings on the IPSEC tunnel? Any suggestions?
Thanks.
There is no setting on Fortigate to cause an ACTIVE ssh session to disconnect every other second/minute. The only setting like set admintimeout relates to ssh/web admin sessions, but even then only for IDLE sessions, not active ones.
Is it possible you have SD-WAN + IPsec? If so, then it could be the FGT is balancing your ssh over multiple VPN tunnels and this causes the issue. In that case you can try setting SD-WAN to the preserve-session setting.
tcp-mss size is my 1st thought since you are using an ipsec-tunnel. You have a policy, right? Go into the CLI mode and set the tcp-mss receive and retest.
http://socpuppet.blogspot.com/2013/05/tcp-mss-adjusment-fortigate-style.html
Also please tell me you're not using telnet for management ;)
Ken Felix
PCNSE
NSE
StrongSwan
Thanks for your replies. Let me go ahead and adjust tcp-mss and test what happens. I was just testing "telnet" to see if I have the same issue.
Forgot to mention that it stays connected as long as I type.
Man, that last post update makes me believe you have session-ttl set & if you go idle the session times out. If you do a "diag debug flow" and find the policy and services, make sure someone didn't hack the service session-ttl to some weird idle timeout.
Ken Felix
PCNSE
NSE
StrongSwan
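An added example, not part of any reply in this thread: a small Python check that walks a FortiOS configuration backup and lists every session TTL override shorter than a threshold, covering the global `config system session-ttl` port entries, custom services, and firewall policies. The sample configuration is constructed for illustration, and the 300-second threshold and the function name are assumptions.

```python
import re
# Constructed FortiOS config excerpt (sample data, not from the thread).
SAMPLE_CONFIG = """
config system session-ttl
    set default 3600
    config port
        edit 1
            set protocol 6
            set timeout 15
            set start-port 22
            set end-port 23
        next
    end
end
config firewall service custom
    edit "SSH"
        set tcp-portrange 22
        set session-ttl 15
    next
end
config firewall policy
    edit 7
        set session-ttl 3600
    next
end
"""

def find_short_ttls(config_text, min_seconds=300):
    """Return (path, keyword, seconds) for each TTL override below min_seconds."""
    findings, stack = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line.split(" ", 1)[1].strip('"'))  # enter a block
        elif line in ("next", "end"):
            del stack[-1:]                                   # leave a block
        else:
            m = re.fullmatch(r"set (session-ttl|timeout|default) (\d+)", line)
            if not m:
                continue
            key, secs = m.group(1), int(m.group(2))
            # "default"/"timeout" only mean a session TTL under system session-ttl
            if key != "session-ttl" and stack[:1] != ["system session-ttl"]:
                continue
            if 0 < secs < min_seconds:   # 0 = inherit the default, not an override
                findings.append((" > ".join(stack), key, secs))
    return findings

if __name__ == "__main__":
    for path, key, secs in find_short_ttls(SAMPLE_CONFIG):
        print(f"{path}: {key} = {secs}s")
```

Any entry it reports on the path between the client and the managed device is a candidate for the idle disconnect described above; an unexpected one is also worth tracing to whoever changed it.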