Troubleshooting : Solutions by issue type : Connectivity issues : Establishing IP sessions
 
Establishing IP sessions
If a route exists, but there appears to be a problem establishing or maintaining TCP or IP-layer sessions between FortiRecorder and a computer or camera on your IP network, there are multiple possible causes, such as:
Trusted hosts
protocols/port numbers mismatched or blocked by NAT or firewalls
IP address conflicts
short DHCP leases (Lease time (Seconds) in “Configuring the DHCP server”)
socket exhaustion
You can view a snapshot of FortiRecorder’s session table according to the IP layer. Go to Monitor > System Status > Sessions.
Table 13: IP session table
 
GUI item
Description
Protocol
The protocol of the session according to the “protocol” ID number field (or, for IPv6, “next header”) in the IP header of the packets.
icmp — 1 (Due to the speed of ICMP messages, this will almost never be seen in the session list.)
tcp — 6
udp — 17 (Due to the speed of UDP datagrams, this may be seen in the session list only rarely.)
From IP
The source of the session according the source field in the IP header. If source NAT is occurring, this is not necessarily the IP in the original frame from the client.
From Port
The source port number.
For a list of port numbers that can originate from the FortiRecorder NVR, see “Appendix A: Port numbers”.
To IP
The destination according to the destination field in the IP header. If destination NAT is occurring, this is not necessarily the IP in the original frame from the client.
To Port
The destination port number.
For a list of port numbers that can be received by the FortiRecorder NVR, see “Appendix A: Port numbers”.
Expire (secs)
The session timeout in seconds. The expiry counter is reset when packets are sent or received, indicating that the session is still active.
To refresh the session list snapshot with the most current list, click the dotted circle (Refresh) icon to the left of Records per page.
To sort the session list based upon the contents of a column, hover your mouse cursor over the column’s heading then click the arrow that appears on the right side of the heading, and select either Sort Ascending or Sort Descending.
If you expect sessions that do not exist, be aware that some protocol designs (notably UDP) do not feature persistent sessions. Their sessions will almost immediately expire and be removed from the session list, and therefore it may be very difficult to capture a session list snapshot during the brief moment that the datagram is being transmitted. TCP features persistent connections, where the socket is maintained until the data transmission either is confirmed to be finished or times out, and therefore TCP connections will persist in the session table for a much longer time.
If you still do not see the sessions that you expect, verify that your firewall or router allows traffic to or from those IP addresses, on all expected source and destination port numbers (see “Appendix A: Port numbers”).
If you see sessions with the FortiRecorder web UI or CLI that should not be allowed to exist, be sure to configure all accounts’ Trusted hosts setting.
See also
NVR configuration
User management