Failed connection attempts
- March 8, 2016
- 4 replies
- 43416 views
Hello,
I have a FG1500D bundle configured for a University.
Almost entire traffic of University and also the campus is passing through it.
Routing and policies are working correctly, but I had an issue and maybe you can help me in debugging it.
So, after few days of normal traffic, suddenly connection to some Google servers was blocked and I saw lots of "Failed connection attempts" messages.
Other sites and traffic was working just fine, only the connection to those servers was blocked. Actualy Google wasn't working.
The security profiles for the traffic contains AV in monitoring mode, IPS sensor with all signatures and default action. Nothing special in the rest.
In attach some images with Failed Connection Attempts messages.
I disabled the security profiles - the problem was still there.
I rebooted the equipment, the connection was still blocked for about half an hour.
After half an hour, the connection to Google was working but it was resolving in a different class of IPs.
Next day, Google was working again, and it was again resolving in the previous IPs, when the problem appeared.
The idea is that the traffic was blocked for all users behind the FortiGate. For other users in the network, which do not pass traffic through FortiGate, the problem never appeared.
Any thoughts?