nkapse
Staff
Article Id 422612
Description This article describes how to troubleshoot a website's CAPTCHA that is intermittently not visible, even after configuring a plain firewall policy.
Scope FortiGate.
Solution

To narrow down the issue, first create a temporary firewall policy for the affected user with the action set to Allow and no security profiles. If the CAPTCHA starts working, then one of the security profiles in the original policy may be causing the problem.

In this case, the issue continued even with a plain allow policy. The firewall logs showed normal traffic with no denies.

At this point, the next step is to check the browser's Developer Tools on the user's system to see if any CAPTCHA-related requests or scripts fail to load.

Requests shown in red, or with a 4xx or 5xx status code, may have issues.

To troubleshoot, ping or run nslookup against the CAPTCHA-related URLs to check whether they resolve correctly.

See the screenshot below:

Captcha DNS issue.png

In this scenario, the DNS server was internal and resolution of the URL was intermittent, which indicates that the problem was with the DNS server, not the firewall.

To troubleshoot further, perform a packet capture for the DNS traffic on the user’s system and on the firewall (if DNS queries pass through it) to confirm whether the DNS responses are consistent.

In this case, after changing the DNS server to 8.8.8.8 on the user system, the CAPTCHA started working normally.

Refer to the screenshot below:

Captcha DNS issue resolved.png
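
To quantify how intermittent the resolution is, the following added example (not part of the original article) sends repeated A-record queries directly to the internal DNS server and to 8.8.8.8 and classifies each run. The hostname and internal server IP are supplied on the command line; the function names, the 20-probe count and the 0.5-second spacing are assumptions.

```python
import socket, struct, sys, time

def build_query(name, txid):
    """Encode a DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return 'ok', 'empty', 'rcode<N>' or 'bad' for one reply packet."""
    if len(data) < 12:
        return "bad"
    rid, flags, _qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid or not flags & 0x8000:   # wrong transaction ID or not a response
        return "bad"
    rcode = flags & 0x000F                  # 2 = SERVFAIL, 3 = NXDOMAIN
    if rcode:
        return f"rcode{rcode}"
    return "ok" if ancount else "empty"

def probe(server, name, txid, timeout=2.0):
    """Send one query to server:53 over UDP; 'no_reply' on timeout or socket error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:
            return "no_reply"
    return parse_reply(data, txid)

def verdict(results):
    """Classify a run of probe results as consistent, intermittent or failing."""
    good = results.count("ok")
    if good == len(results):
        return "consistent"
    return "intermittent" if good else "failing"

if __name__ == "__main__":
    # Usage: python dns_probe.py CAPTCHA_HOSTNAME INTERNAL_DNS_IP
    host, internal = sys.argv[1], sys.argv[2]
    for server in (internal, "8.8.8.8"):    # 8.8.8.8 is the resolver used in the article
        runs = []
        for i in range(20):
            runs.append(probe(server, host, 0x1000 + i))
            time.sleep(0.5)
        print(server, verdict(runs), {r: runs.count(r) for r in sorted(set(runs))})
```

An "intermittent" verdict for the internal server alongside "consistent" for 8.8.8.8 matches the behaviour described above and points at the DNS server rather than the firewall.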

Related articles: 

Technical Tip: CAPTCHA Behavior in Custom Policies

Technical Tip: Unable to access websites that use Google reCAPTCHA