Revision history [back]
fortigate ip connection
Hello few of our application which are hosted on our main DC are abruptly terminating their session. there is a FW in front of those application. branch and DC are connected via SDWAN. FW is fortigate and throwing "IP Connection error" for each abrupt disconnect of those application https://community.fortinet.com/t5/FortiGate/Technical-Tip-ip-conn-traffic-action-in-logs/ta-p/198452 it seems like reply packet is missing so FW is disconnecting the session with connection error
i put sniffer infront of one of the application server and saw some issues starting from packet 29 please see a link below for capture. https://drive.google.com/file/d/1qxJh985B245Qwo_M3JczbaKcbxZFQRZf/view?usp=share_link around 15:24.8 i see ip connection error on firewall logs which sort of reflects the problem starting from packet 29. the interesting thing is ,, this is clear server-rst from packet capture standpoint but fw reports as ip connection error..not server -rst
packet 26 is graceful fin/ack...initially i thought that packet 27 and 28 never makes it to server and thats why packet 29 is the reset but when i check the ack on packet 29 , i noticed that it is acking packet 28 with seq 2516 .. so i am really confused..And after packet 29 whole capture is problmatic. ...also noticed that 119 seconds its commonality for some sort of timer..i checked few of them and they all have this 119 seconds timer and then have same behavior .. one strange thing is packet 31 has strange ack no.. not sure how it shows up..because couldn't relate to other side.. and then its keep doing it.. one thing for sure clients fin-ack do not get ack from server .. but instead we see weird sequence no. packet going out. may be that is reason FW is erroring it.
i have this behavior whenever there is a ip connection error on FW. I am trying to find out what is the root cause. but from this capture it seems like we are loosing some packet but couldn't pin point exactly. does anyone has any thoughts. thanks
fortigate ip connection
Hello few of our application which are hosted on our main DC are abruptly terminating their session. there is a FW in front of those application. branch and DC are connected via SDWAN. FW is fortigate and throwing "IP Connection error" for each abrupt disconnect of those application https://community.fortinet.com/t5/FortiGate/Technical-Tip-ip-conn-traffic-action-in-logs/ta-p/198452 it seems like reply packet is missing so FW is disconnecting the session with connection error
i put sniffer infront of one of the application server and saw some issues starting from packet 29 please see a link below for capture. https://drive.google.com/file/d/1qxJh985B245Qwo_M3JczbaKcbxZFQRZf/view?usp=share_link around 15:24.8 i see ip connection error on firewall logs which sort of reflects the problem starting from packet 29. the interesting thing is ,, this is clear server-rst from packet capture standpoint but fw reports as ip connection error..not server -rst
packet 26 is graceful fin/ack...initially i thought that packet 27 and 28 never makes it to server and thats why packet 29 is the reset but when i check the ack on packet 29 , i noticed that it is acking packet 28 with seq 2516 .. so i am really confused..And after packet 29 whole capture is problmatic. ...also noticed that 119 seconds its commonality for some sort of timer..i checked few of them and they all have this 119 seconds timer and then have same behavior ..
one strange thing is packet 31 has strange ack no.. not sure how it shows up..because couldn't relate to other side.. and then its keep doing it..
one thing for sure clients fin-ack do not get ack from server .. but instead we see weird sequence no. packet going out. may be that is reason FW is erroring it.
i have this behavior whenever there is a ip connection error on FW. I am trying to find out what is the root cause. but from this capture it seems like we are loosing some packet but couldn't pin point exactly. does anyone has any thoughts. thanks