Session table and 2 ISP

knet4
2018/12/04 08:11:45

Hello,
 
When the internet connection to ISP1 breaks, all traffic is switched to ISP2. When the internet connection for ISP1 comes back, some sessions stay on ISP2. We must clear the sessions on the FortiGate (SIP connections don't work).
What can we do to clear the session table when changing the network?
#1


    lobstercreed
    Re: Session table and 2 ISP 2018/12/04 09:12:01 (permalink)
    Hi Jan,
     
    This is normal behavior.  It would generally be undesirable to break a session just because another route became available.  If it's SIP like you mentioned, any phone calls in progress would be dropped when you clear the sessions.
     
    However, I have run into this as well where I want our SIP connections to consistently go out one ISP unless that one is not available.  The problem is that ISP performs maintenance frequently and I would find that my connection had failed over to my other ISP the next day.  My solution was to pick a time after their maintenance but before business hours and run a scheduled script to clear any of my SIP connections on the wrong ISP interface.  This would run daily, and if no connections had failed over there would be nothing to clear, but if something had it would clear it and reconnect on the "right" ISP.
     
    This won't do *exactly* what you want, because I don't think you can schedule the script based on an event like that, but you could run the script more frequently if you wanted it to catch the issue sooner.  I just wouldn't recommend it because of it breaking active calls.
     
    config system auto-script
        edit "clearSIPsessionsToISP1"
            set interval 86400
            set repeat 0
            set start auto
            set script "diagnose sys session filter clear
    diagnose sys session filter src x.x.x.x
    diagnose sys session filter dint wan1
    diagnose sys session clear"
        next
    end
     
    interval 86400: 24 hours in seconds
    src x.x.x.x: IP redacted, but this is my voice gateway that initiates all SIP connections.  You might be able to use a filter based on destination port for SIP (5060) to catch all connections
    dint wan1: the interface where the "wrong" ISP is connected
     
    - Daniel Hamilton
     
    #2
    knet4
    Re: Session table and 2 ISP 2018/12/05 00:40:22 (permalink)
    Thank you, Daniel
     
    But I have FortiGate OS version 4, and the auto-script function is unavailable.
    #3
    lobstercreed
    Re: Session table and 2 ISP 2018/12/05 05:26:33 (permalink)
    I guess no chance of upgrading due to hardware?  Looks like auto-script was added in 5.4
     
    5.4 and 5.6 have some amazing features if you can get to them...
     
    If you have some way to script an SSH session to connect and run those commands you could still do it I think, but otherwise I think you're out of luck.  
    #4
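
The last suggestion in the thread, scripting an SSH session to run the same four commands from an external scheduler, as an added example that is not code from the thread. It assumes the firewall accepts CLI commands on SSH standard input for an admin account that logs in with a key; the host name, account name and key path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: run the thread's session-clear commands over SSH from an
# external scheduler (cron) when the firewall has no auto-script feature.
# FGT_HOST, FGT_USER and FGT_KEY are hypothetical placeholders.
FGT_HOST="${FGT_HOST:-fortigate.example.net}"
FGT_USER="${FGT_USER:-sessionclear}"
FGT_KEY="${FGT_KEY:-/etc/fgt/sessionclear_ed25519}"

# Print the four CLI commands for one source IP and one egress interface.
# Both inputs are checked against a strict character set first, so a crafted
# argument (for example one containing a newline) cannot add CLI commands.
build_clear_commands() {
    src=$1 intf=$2
    case $src in ''|*[!0-9.]*) echo "bad source IP" >&2; return 1 ;; esac
    case $intf in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    printf '%s\n' "$src" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad source IP" >&2; return 1; }
    printf '%s\n' \
        "diagnose sys session filter clear" \
        "diagnose sys session filter src $src" \
        "diagnose sys session filter dint $intf" \
        "diagnose sys session clear"
}

# Feed the commands to the firewall CLI on stdin.
# BatchMode=yes: never fall back to a password prompt in an unattended job.
# StrictHostKeyChecking=yes: refuse to connect if the host key is unknown or
# has changed, so the admin session is not handed to an impostor.
clear_stuck_sessions() {
    cmds=$(build_clear_commands "$1" "$2") || return 1
    printf '%s\n' "$cmds" | ssh -T -i "$FGT_KEY" \
        -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
        "$FGT_USER@$FGT_HOST"
}

# Usage: clear-sip-sessions.sh <voice-gateway-ip> <wrong-isp-interface>
if [ "$#" -eq 2 ]; then
    clear_stuck_sessions "$1" "$2"
fi
```

As with the auto-script version, clearing the sessions drops any call in progress, so the cron entry belongs outside business hours.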