FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
msanjaypadma
Staff
Article Id 204355
Description This article describes how to troubleshoot an external threat feed connector whose status shows as down.
Scope FortiGate.
Solution
  1. Check connectivity between the FortiGate and the web server that hosts the feed file. Run a sniffer towards the destination web-server IP address and, for the routing and policy decision, a flow debug:

diagnose sniffer packet any "host x.x.x.x" 4 0 a   <----- Replace x.x.x.x with the destination web-server IP address.

Verbose level 4 prints the packet headers together with the interface name, so the output shows which interface and source IP address the FortiGate uses towards the web server and whether the server replies at all. The count '0' captures packets until interrupted, and 'a' prints absolute timestamps.

For a detailed analysis of the route and policy lookup, use the commands below:

diagnose debug disable
diagnose debug reset
diagnose debug console timestamp enable
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug flow filter addr x.x.x.x   <------ Replace x.x.x.x with the destination IP of the communication.
diagnose debug flow trace start 9999
diagnose debug enable

After running the above commands, generate traffic by disabling and re-enabling the external threat feed connector. Once the status shows down again, or the flow trace shows the connection attempt, stop the debug with the command below:

diagnose debug disable

  2. Verify which IP address of the FortiGate is whitelisted on the web server to access the hosted file.

  3. Under some circumstances, the FortiGate uses a source IP address that is not whitelisted on the web server: when no source IP is configured, the IP address of a lower-index interface may be chosen as the source. Compare the source IP address shown in the sniffer output from step 1 with the whitelisted address.

  4. In that case, specify the source IP address manually in the external threat feed configuration:

    config system external-resource
        edit <name>
            set source-ip <y.y.y.y>   <----- Where y.y.y.y is the source IP address, which must be an address configured on the FortiGate.
        next
    end

  5. After setting the source IP address in the threat feed, check the traffic flow again and check the status of the threat feed.

  6. If SD-WAN is configured, change the interface-select-method from auto to sdwan so that the outgoing interface is chosen by the SD-WAN rules:

    config system external-resource
        edit <name of external connector>
            set interface-select-method sdwan
        next
    end

The available values for interface-select-method are:

auto: Set outgoing interface automatically.

sdwan: Set outgoing interface by SD-WAN or policy routing rules.

specify: Set the outgoing interface manually (the interface is then given with 'set interface <name>').
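As an added example, not part of the original article or of any Fortinet tool, the following Python script automates the reading of the step 1 sniffer output that steps 2 to 4 rely on: it parses the verbose-4 packet headers, reports which interface and source IP address the FortiGate used towards the web server, checks whether the server ever replied, and compares the source address with the web server's whitelist. The capture text and every IP address in it (203.0.113.10 as the web server, 192.0.2.2 as the FortiGate egress address, 198.51.100.5 as the whitelisted address) are constructed documentation addresses, and the verdict strings are the script's own, not FortiGate output.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in the shape of `diagnose sniffer packet any "host 203.0.113.10" 4 0 a`
# output: three retransmitted SYNs leave port3 and the web server never answers.
SAMPLE_SNIFFER_OUTPUT = """\
interfaces=[any]
filters=[host 203.0.113.10]
2024-01-15 10:23:45.123456 port3 out 192.0.2.2.51844 -> 203.0.113.10.443: syn 2390776469
2024-01-15 10:23:46.124001 port3 out 192.0.2.2.51844 -> 203.0.113.10.443: syn 2390776469
2024-01-15 10:23:48.124377 port3 out 192.0.2.2.51844 -> 203.0.113.10.443: syn 2390776469
"""

# One verbose-4 header line: <timestamp> <interface> <in|out> <src>.<sport> -> <dst>.<dport>: <tcp flags>
# The timestamp is skipped by searching from the interface name onwards.
SNIFFER_LINE_RE = re.compile(
    r"(?P<intf>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):\s*(?P<flags>.*)$"
)


def parse_sniffer(text: str) -> List[Dict[str, str]]:
    """Return one record per packet header line; banner lines are ignored."""
    records = []
    for line in text.splitlines():
        match = SNIFFER_LINE_RE.search(line)
        if match:
            records.append(match.groupdict())
    return records


def egress_sources(records: List[Dict[str, str]], server_ip: str) -> Set[Tuple[str, str]]:
    """(interface, source IP) pairs from which the FortiGate sent a SYN to the server."""
    pairs = set()
    for rec in records:
        is_syn = rec["flags"].startswith("syn") and "ack" not in rec["flags"]
        if rec["dir"] == "out" and rec["dst"] == server_ip and is_syn:
            pairs.add((rec["intf"], rec["src"]))
    return pairs


def server_replied(records: List[Dict[str, str]], server_ip: str) -> bool:
    """True if any packet came back from the web server."""
    return any(rec["dir"] == "in" and rec["src"] == server_ip for rec in records)


def diagnose(text: str, server_ip: str, whitelist: List[str]) -> dict:
    """Classify the capture into one of four outcomes, mirroring the article's decision steps."""
    records = parse_sniffer(text)
    egress = egress_sources(records, server_ip)
    replied = server_replied(records, server_ip)
    sources = {src for _, src in egress}
    not_whitelisted = sorted(sources - set(whitelist))
    if not egress:
        verdict = "no_egress"              # nothing left the box: check route/policy with the flow debug
    elif replied:
        verdict = "tcp_ok"                 # handshake works: look at HTTP status / file format instead
    elif not_whitelisted:
        verdict = "source_not_whitelisted" # step 3/4: set source-ip (or interface-select-method)
    else:
        verdict = "no_reply"               # whitelisted source, still silent: upstream filtering or server down
    return {
        "egress": egress,
        "server_replied": replied,
        "offending_sources": not_whitelisted,
        "verdict": verdict,
    }


if __name__ == "__main__":
    result = diagnose(SAMPLE_SNIFFER_OUTPUT, "203.0.113.10", ["198.51.100.5"])
    for interface, source in sorted(result["egress"]):
        print(f"FortiGate sent from {source} via {interface}")
    print(f"server replied: {result['server_replied']}")
    print(f"verdict: {result['verdict']}, sources not in whitelist: {result['offending_sources']}")
```

Paste the real sniffer output in place of the constructed sample and pass the web server's IP address and the addresses it whitelists; a verdict of source_not_whitelisted points at steps 3 and 4, whereas no_egress means the flow debug from step 1 is the right next tool.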