luis15pt
New Member
September 7, 2022
Question

7.0 Possible bug in Virtual Server

  • 4 replies

I'm having some issues while using a Virtual Server and I think I have tracked it down to a possible bug.

Model:  FortiGate 1101E
Serial: FG10E1TB22900518

Ver: v7.0.6 build0366 (Feature)

 

Using a virtual server for HTTPS to HTTP for a specific host; this host has 8 rules.

I'm using a DNS name to query the port, for example:

curl https://api.example.com:5000 

This will work for approx. a few minutes to a few hours only.

 

The solution I have found is to reconfigure ANY rule and change ANY thing on them, for example the first rule, HTTP (which does not have a firewall policy; as you can see, it has 0 references). If I change the color of the rule it will "awaken" the rule and the curl will start working again, and after a random amount of time it will stop and I'll need to change something else to get it to work again.

 

Am I missing something in my config, or could this be a bug?

4 replies

Contributor
September 9, 2022
Hello @luis15pt,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks,
akristof
Staff
September 10, 2022

Hello,

I would recommend using debug flow:

https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow

This will tell us what is happening with the traffic, if FortiGate really stops doing DNAT.

alif
Staff
September 10, 2022

Hello @luis15pt ,

 

Please collect the output of the following commands.

diagnose debug reset

diagnose debug flow filter addr <IP>

diagnose debug flow filter port <number> <---optional

diagnose debug console timestamp enable

diagnose debug flow show iprope enable

diagnose debug flow show function-name enable

diagnose debug flow trace start 1000

diagnose debug enable

 

After performing the test, you can stop debugging:

diagnose debug disable

diagnose debug reset

luis15pt
Author
New Member
September 12, 2022

So this issue happened just now and I've set up the logs before I fixed the issue. It seems as soon as the issue is fixed (changed the color of the rule) the logs stop.

 

https://we.tl/t-s7rsNvUfKl