Hot!Source NAT with peculiar server-rst behavior

Author
mgob1985
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/30 13:20:40
  • Status: offline
2020/11/30 13:29:51 (permalink) 6.2
0

Source NAT with peculiar server-rst behavior

Hello all, hoping someone has seen this one before and could shed some light on it.
 
We have a Fortigate 500E that is performing NAT on a policy, downstream from this FG is another firewall, when a client opens a session out, we see the session/flow exist on both firewalls and correct bidirectional traffic, great.
 
Now the issue comes along where if the FG 500E receives a RST packet from the server, to abort the connection it closes it's NAT translation but does not relay that RST packet downstream towards the client, as such the flow/session on the downstream firewall remains active and the client believes the connection is still active, causing an application to hang/timeout instead of knowing about the disconnect.
 
We have confirmed via tap/capture between the FG 500E and the downstream firewall that the fortigate is never sending on that RST, instead it just ceases forwarding traffic so the client nor firewall never knows the connection is dead.
 
IPS is on in monitor mode, Fortinet support suggested turning this off, so we're going to do that on this policy and see if that makes a difference...., other than that there's nothing funny in play, standard NAT policy and it all works normally unless a RST is received from the server side ( we know this is an issue too and the vendor in question is working on that, we should be seeing a FIN on a normal close, their app is crashing ).
 
Any ideas?
post edited by mgob1985 - 2020/11/30 13:48:10
#1

3 Replies Related Threads

    Alexis_Esp
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/12/01 03:46:51
    • Status: offline
    Re: Source NAT with peculiar server-rst behavior 2020/12/01 08:00:18 (permalink)
    0
    Hello,
     
    I think it would be a good idea to remove security profiles, and add them to see if any are interfering.
     
    Have you made a debug flow? Do the logs give you any clues? Maybe you can get something out of it
    #2
    mgob1985
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/11/30 13:20:40
    • Status: offline
    Re: Source NAT with peculiar server-rst behavior 2020/12/02 06:20:19 (permalink)
    0
    Alexis_Esp
    Hello,
     I think it would be a good idea to remove security profiles, and add them to see if any are interfering.
     Have you made a debug flow? Do the logs give you any clues? Maybe you can get something out of it

    We removed IPS and inspection, the issue still occurs.  We're thinking this is related to the firewall being on a stick, and source nat on the same NPU... it looks like this has been an issue in the past across multiple versions....
    #3
    Alexis_Esp
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/12/01 03:46:51
    • Status: offline
    Re: Source NAT with peculiar server-rst behavior 2020/12/02 06:35:08 (permalink)
    0
    Hello,
     
    you can edit some parameters of the NPUs if I remember correctly, and so you can isolate the problem.
    #4
    Jump to:
    © 2021 APG vNext Commercial Version 5.5