idepato
New Member
August 13, 2024
Question

I can't load some websites via fortigate

  • August 13, 2024
  • 5 replies
  • 4043 views

I have a Fortigate 200F and I can't load some websites. These are specific web pages and the number keeps increasing as I find new web pages.
I have turned everything off and I still cannot load these web pages.
Can you help me with this?

5 replies

amuda
Staff
August 13, 2024
idepato
Author
New Member
August 13, 2024

I've tried changing the MTU and other things and it still doesn't work. For example, fortinet.com doesn't work for me either. It's both interesting and strange.

ozkanaltas
Valued Contributor III
August 13, 2024

Hello @idepato,

I faced a similar issue before. When I changed the MSS value on the rule, the problem was solved. Can you try to change the MSS value to 1350 or lower?

If it does not work for you, you can try to change the MTU value of the WAN interface.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-adjust-the-Maximum-Transmission-Unit-MTU/ta-p/191326

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
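Added example (not part of the thread or of Fortinet's documentation): one way to pick the MSS value by measurement instead of trial and error, by binary-searching the largest IPv4 packet that reaches a problem site with the DF bit set. It assumes a Linux client with iputils `ping` and a destination that answers ICMP echo; `probe`, `find_pmtu` and `mss_for` are names made up for this example.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses the path without
# fragmentation, then derive the TCP MSS to configure on the firewall policy.
# Assumption: Linux iputils ping, where "-M do" sets the Don't Fragment bit.

# probe HOST SIZE -> exit 0 if an IPv4 packet of SIZE bytes gets an echo reply.
# ICMP payload = SIZE - 20 (IPv4 header) - 8 (ICMP header).
probe() {
    ping -M do -c 1 -W 2 -s "$(( $2 - 28 ))" "$1" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH] -> prints the largest packet size that works.
# Prints 0 and returns 1 if even LOW fails (ICMP filtered or host down),
# because then the search cannot tell an MTU problem from no reachability.
find_pmtu() {
    host=$1 lo=${2:-576} hi=${3:-1500}
    probe "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid              # mid fits: the answer is mid or larger
        else
            hi=$(( mid - 1 ))    # mid is dropped: the answer is smaller
        fi
    done
    echo "$lo"
}

# mss_for PMTU -> TCP MSS over IPv4: PMTU - 20 (IP header) - 20 (TCP header).
mss_for() { echo $(( $1 - 40 )); }

# Usage: sh pmtu.sh <host>
if [ -n "${1:-}" ]; then
    pmtu=$(find_pmtu "$1") || { echo "no echo reply from $1 at the lower bound"; exit 1; }
    echo "path MTU to $1: $pmtu -> TCP MSS: $(mss_for "$pmtu")"
fi
```

A result below 1500 for the failing sites and 1500 for working ones points at a path MTU problem; a result of 0 means ICMP gives no answer either way and the debug flow and sniffer captures are the next step.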

idepato
Author
New Member
August 13, 2024

Thank you, but it's still not working. It's very interesting and I don't know what to do with it. I've tried everything possible, but the site still doesn't work. It used to work for me, but one day it just stopped working. I've also tried calling the provider in question who owns the site in question, because it's the government and they won't block me. From them, the packets get to us, but it doesn't get to them. Also the fortinet.com site is not working and neither is the FortiGate documentation.

pkumari
Staff
August 13, 2024

@idepato, can you please provide the below debug & sniffer output, taking one problematic destination?

diag debug reset
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow show iprope enable
diag debug flow filter addr x.x.x.x <<< replace x.x.x.x with destination ip of the communication.
diag debug flow trace start 10000
diag debug enable

Putty2:

diag sniffer packet any 'host x.x.x.x' 6 0 l <<<<< replace x.x.x.x with destination ip of the communication.

After running the commands, please initiate the traffic to the website, and once the access is blocked/disconnected, please stop the debug using the below command:

dia de dis

idepato
Author
New Member
August 13, 2024

I have everything turned off, only through fortinet does not work given communication to certain sites.

hhasny
Staff
August 14, 2024

Hi @idepato ,

Can you PING the sites?

Can you traceroute the sites?

Check reachability from your Fortigate and client machines first. If they are reachable, run the command shared by pkumari.

regards,

arahman
Staff
August 15, 2024

Also, please check the logs. What does it say in the forward logs?