Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
abalak
New Contributor

Lot of Session Clash on SSL VPN Traffic

Hi,

 

We found a lot of session clashes in the events. These session clashes are mostly traffic from SSLVPN to internal, as we did NAT using the interface from the SSLVPN tunnel to internal. I know that session clash is caused by PAT exhaustion. But concurrent sessions are no more than 4000, so how come the PAT is exhausted, since there are 60,416 available port numbers per IP?

Is there any impact caused by this clash? I found some traffic from the VPN is dropped, but I am not sure whether it is caused by this clash or not.

========

diagnose sys session stat
misc info:       session_count=4621 setup_rate=14 exp_count=75 clash=69693
        memory_tension_drop=0 ephemeral=0/1114112 removeable=0
        npu_session_count=166
        nturbo_session_count=138
delete=14194, flush=26, dev_down=113/221 ses_walkers=0
TCP sessions:
         75 in NONE state
         997 in ESTABLISHED state
         4 in SYN_SENT state
         18 in SYN_RECV state
         21 in FIN_WAIT state
         65 in TIME_WAIT state
         30 in CLOSE state
         13 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=0000994b
error3=00000000
error4=00000000
tt=00000000
cont=01c41e2a
ids_recv=0df477ce
url_recv=00000000
av_recv=02d895bb
fqdn_count=0000002b
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

========

 

 

Does anyone here have any ideas?
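
An added example, not part of the original post and not Fortinet code: a small parser for the `diagnose sys session stat` output quoted above, so that the session count, the clash counter and the poster's port figure can be compared side by side or tracked across repeated samples. The function names are hypothetical, and 60,416 is the poster's figure, taken as given.

```python
import re

# Output quoted in the post above (the hex "firewall error stat" lines are left out).
SAMPLE = """\
misc info:       session_count=4621 setup_rate=14 exp_count=75 clash=69693
        memory_tension_drop=0 ephemeral=0/1114112 removeable=0
        npu_session_count=166
        nturbo_session_count=138
delete=14194, flush=26, dev_down=113/221 ses_walkers=0
TCP sessions:
         75 in NONE state
         997 in ESTABLISHED state
         4 in SYN_SENT state
         18 in SYN_RECV state
         21 in FIN_WAIT state
         65 in TIME_WAIT state
         30 in CLOSE state
         13 in CLOSE_WAIT state
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
"""

PORTS_PER_IP = 60416  # figure quoted by the poster; an assumption, not verified here

# key=N or key=N/M; the trailing \b rejects hex values that contain a-f (e.g. 0000994b)
KV = re.compile(r"(\w+)=(\d+)(?:/(\d+))?\b")
STATE = re.compile(r"^[ \t]*(\d+) in (\w+) state[ \t]*$", re.M)

def parse_session_stat(text):
    """Return (counters, tcp_states) parsed from the command output."""
    counters = {}
    for key, a, b in KV.findall(text):
        counters[key] = (int(a), int(b)) if b else int(a)
    states = {name: int(n) for n, name in STATE.findall(text)}
    return counters, states

def summarize(text):
    """Put the numbers the post reasons about next to each other."""
    c, s = parse_session_stat(text)
    return {
        "session_count": c["session_count"],
        "clash": c["clash"],
        "tcp_sessions": sum(s.values()),
        "sessions_vs_ports_pct": round(100 * c["session_count"] / PORTS_PER_IP, 1),
    }
```

Running `summarize()` on output captured at intervals shows whether `clash` is still increasing while `session_count` stays low.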
