| Description |
This article describes the information needed to take when a 503 error occurs from the network device end before reaching out to Technical Support. |
| Scope | FortiAppSec Cloud. |
| Solution |
When accessing the application if the users report a 503 error, one can follow the below steps to narrow down the issue:
Step 1: Bypass the application and verify if it is accessible without WAF or not.
Step 2: All FortiAppSec Cloud IPs should be whitelisted in the Firewall, one can find FortiWeb IPs using the below document: Restricting direct traffic & allowing FortiAppSec Cloud IP addresses
Step 3: Verify if the origin server is configured with a single server with a Health Check module or not. Enabling health checks with only one origin server can lead to unexpected 503 Service Unavailable errors; disabling health checks is recommended.
Step 4: If the Health Check module has more than 1 Origin server and still there is a 503 error then the response code configuration of the health check should be the same as what the origin server responds.
Step 5: Check on the Firewall or Edge Device of the network using the 'curl command' towards FortiWeb IPs to verify whether over port 443 or a custom port is used for the application to verify TCP connection is established or not.
By following the above steps if the error still persists then collect the above information and share it on a support ticket. |
