MCGURUPRO
New Member
October 27, 2014
Solved

FORTINET - B200 - Cannot access hosted company site externally

  • October 27, 2014
  • 1 reply
  • 4748 views

Gents

 

Good evening and thanks already if you got the time to help me out, not sure if this is in the right thread but:

 

Got an internal Active Directory domain named mydomain.com (yes, I know, not very clever). Long story short, bought a B200 to satisfy bandwidth management and content management; it works like a charm with AD integration, but now I have a small issue.

 

My company web site is hosted externally with a suffix that equals my internal domain; I have to point my internal DNS servers to the external www.mydomain.com IP address.

 

If I use any ISP link external to my LAN I can open the web site (e.g. a 3G network), but on my LAN I just get a timeout; although I can resolve the name to the correct IP address internally, the page does not open.

 

Is there a security measure within Fortinet causing this situation? What is it? And can you help me to fix it?

 

I say this because if I take Fortinet out of the equation and put the old Cisco ASA online, all works fine.

 

Regards

    1 reply

    Dave_Hall (Answer)
    New Member
    October 27, 2014

    Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the FortiGate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.

     

    [strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation.[/strike] The dnstranslation option may be something you could use as a workaround.

     

    MCGURUPRO (Author)
    New Member
    October 29, 2014

    Dave Hall wrote:

    Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the FortiGate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.

     

    [strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation.[/strike] The dnstranslation option may be something you could use as a workaround.

     

    [attachImg]https://forum.fortinet.com/download.axd?file=0;115871&where=message&f=DNStranslation.gif[/attachImg]

    Dave

     

    Thank you very much, will give it a try this evening and will keep the thread updated.

     

    Regards

    Rui