FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
This article describes how to troubleshoot and resolve the 'Connection failed' issue in the FortiGate Threat Feeds connector and the 'you have been logged out' issue in FortiSOAR, which may occur periodically when integrating multiple FortiGates.
Scope
FortiSOAR.
Solution
Troubleshooting Steps:
Review Logs for QueuePool Overflow: Check the logs for 'QueuePool limit of size 5 overflow 10 reached' errors. These errors may indicate that the connection pool is being exhausted.
If these errors are seen, it is likely related to the exhaustion of connections in the QueuePool.
Adjust QueuePool Settings: Navigate to the file '/opt/cyops-auth/utilities/das.ini' and update the 'poolsiz' and 'maxoverflow' settings to increase the pool size. For example:
Restart the cyops-auth Service: Execute the following command to restart the 'cyops-auth' service:
# systemctl restart cyops-auth
Check FortiGate Threat Feeds Configuration: Review the FortiGate Threat Feeds configuration to ensure that the 'refresh-rate' has been configured appropriately. By default, the refresh rate is set to 5 minutes. Consider increasing the polling interval to a longer duration and observe if the issue persists after this change.
