Random connection error after removing Fortinet FW bypass from DMZ to LAN (The semaphore timeout period has expired)

Let me describe our environment:

  1. We have an application server (MS Windows Server) in our DMZ with IIS Server; ASP.NET applications run here.
  2. We have DB servers (MS SQL Server and Oracle) in our LAN.
  3. There is a Fortinet firewall between the DMZ and the LAN.

We used to have a BYPASS from the Windows Server in the DMZ to the MS SQL Server in the LAN (physical cable). There was some historical reason for this...

Recently, we removed this bypass, and all communication goes through the firewall right now. From this moment, the following problems have started:

1) The following error occurs randomly when an application tries to communicate with the SQL server. It happens only sometimes; it is random... Sometimes it works, but a couple of minutes later the error occurs, and after that it works again. We don't see anything in our FW logs (or we don't know where exactly to look).

A transport-level error has occurred when receiving results from the server. (provider: TCP Provider, error: 0 - The semaphore timeout period has expired.) System.ComponentModel.Win32Exception (0x80004005): The semaphore timeout period has expired
Source: 
StackTrace: 
at Page_Load(Object sender, EventArgs e) in test2.aspx.cs:line 16
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

2) A similar error occurs when an application tries to communicate with the Oracle server. And again, it occurs randomly...

A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
Source: System
StackTrace: at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at OracleInternal.Network.ReaderStream.Read(OraBuf OB)

We don't think that it's a problem with the ASP.NET applications themselves. The issue affects all ASP.NET applications from different vendors.

asp.net
iis
networking
windows-server
dmz
asked on Stack Overflow Apr 23, 2020 by Kaspy

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0