Hi all, I have a problem on setting tcp-halfclose-timer and would like
to seek for advice. I suppose the tcp-halfclose-timer should affect
half-close applications like rsh or sqlnet and should have no effect on,
say https. But I find that even though...
Dar all, We have a pair of Fortigate-800 (running FortiOS 2.80 MR11) in
a L2 active-standby cluster. The configuration is as follows:
Active/Backup Fortigate: external -- connect to campus backbone.
internal, dmz, ha -- connect to 3 internal zones fo...
Dear all, On FortiOS 3.0, there is an option to replace the content of "
Login Challenge Page" (System --> Config --> Replacement Messages -->
Authentication --> Login challenge page). Does anyone know what is the
meaning of this challenge page and w...
Dear all, My company has a Fortigate-800 and would like to use the
authentication feature on the firewall policies. Everything is fine
except for the authentication message. The default message is "
Authentication required: Please enter your username...
Dear romanr, We are using MR3 patch 9. Are MR5 p4 / MR6 stable? Dear
rwpatterson, When the problem occurs, we run ' diag sys top' and find
that ipsengine takes up 99% of cpu. Restarting the ipsengine solved the
problem. Thanks a lot.
Dear all, Our Fortigate-800 cluster also faces the same problem
recently. Would you mind telling me how the problem was fixed
eventually? Thanks a lot.
Hello Abel, Thanks for your reply. I set the tcp-halfclose-timer to 300
and session-ttl to 3600. And then I make a few http connections. After
that, I check the session entries via the web GUI and find that the
expiry time of the http connections are...
Hello Fireshield, I didn' t type the diag command. However, it didn' t
seem to be NIC issue to me as the ARP forwarding problem did not happen
again even I switched back to use the primary Fortigate. Thanks anyway.
KH Cheung