- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
- Fortinet Community
- Knowledge Base
- FortiProxy
- Troubleshooting Tip: Intermittent '504 Gateway Tim...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Description
This article describes the '504 Gateway Timeout' error when using FortiProxy in accessing a Website.
Scope
FortiProxy v7.4.x
Solution
Internet traffic is routed through FortiProxy, configured as the proxy server. Users intermittently encounter a 504 Gateway timeout error when attempting to access websites. Packet capture analysis confirms that FortiProxy is receiving DNS responses during these occurrences.
Run the debug commands from Troubleshooting Tip: 504 Gateway timeout error.
diagnose debug reset
diagnose debug disable
diagnose debug console timestamp enable
diagnose debug application dnsproxy -1
diagnose wad filter src 10.x.x.x
diagnose wad debug enable category all
diagnose debug enable
[I]2025-09-23 17:53:57.027060 [p:1285][s:1106075901][r:21473050] wad_dump_http_request :2833 hreq=0x7f0e06a04048 Received request from client: 10.x.x.x:56795
[I]2025-09-23 17:53:57.027069 [p:1285][s:1106075901][r:21473050] wad_http_str_canonicalize :2200 enc=0 path=/ len=1 changes=0
[I]2025-09-23 17:53:57.027074 [p:1285][s:1106075901][r:21473050] wad_http_conn_req_classify :6419 no security profile HTTPS/HTTP, tport=443
[I]2025-09-23 17:53:57.027077 [p:1285][s:1106075901][r:21473050] wad_http_dns_resolve :8896 [0x7f0e06a04048] DNS request name=test.salesforce.com len=33 type/pref=0/0
[I]2025-09-23 17:53:57.027081 [p:1285][s:1106075901][r:21473050] __wad_dns_send_query :787 0:0: sending DNS request for remote peer test.salesforce.com id=0 IPv4
[I]2025-09-23 17:53:57.027087 [p:1285][s:1106075901][r:21473050] wad_dns_req_msg_send_local_req :244 send unreq to dnsproxy.
........
2025-09-23 17:53:57 [worker 0] dns_unix_stream_packet_read()-424: type=5 len=51 session_id=0 flags=0 dnsproxy_local_id==0x0000
2025-09-23 17:53:57 [worker 0] handle_dns_request()-2452: vfid=0 real_vfid=0 id=0x0000 pktlen=51 qr=0 req_type=1
2025-09-23 17:53:57 [worker 0] dns_parse_message()-604
2025-09-23 17:53:57 [worker 0] handle_dns_request()-2489: discard retransmitted query. (id:0x0000).
2025-09-23 17:53:57 [worker 0] dns_unix_stream_packet_error()-175: type=12 len=0 session_id=0 flags=2
2025-09-23 17:53:57 [worker 0] dns_unix_stream_read()-513: client closed the connection
2025-09-23 17:53:57 [worker 0] dns_unix_stream_close()-95: use=2
2025-09-23 17:53:57 [worker 0] dns_unix_stream_cleanup()-81: use=1
2025-09-23 17:53:57 [worker 0] batch_on_read()-3576
2025-09-23 17:53:57 [worker 0] _udp_receive_response()-3430: vd-0: len=132, addr=8.8.4.4:53, rating=0
2025-09-23 17:53:57 [worker 0] dns_query_handle_response()-2723: vfid=0 real_vfid=0 vrf=0 id=0x00be domain=test.salesforce.com pktlen=132
2025-09-23 17:53:57 [worker 0] dns_query_save_response()-2704: domain=test.salesforce.com pktlen=132
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-190: QR: test.salesforce.com
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-197: Offset of 1st RR: 51 Number of RR's: 4
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-218: RR TTL: 300, RR type: 5
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-218: RR TTL: 39, RR type: 1
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-218: RR TTL: 39, RR type: 1
2025-09-23 17:53:57 [worker 0] dns_set_min_ttl()-218: RR TTL: 39, RR type: 1
2025-09-23 17:53:57 [worker 0] dns_cache_response()-310: Min ttl = 39
2025-09-23 17:53:57 [worker 0] dns_forward_response()-1706
2025-09-23 17:53:57 [worker 0] dns_secure_forward_response()-1662: category=255 profile=none
2025-09-23 17:53:57 [worker 0] dns_visibility_log_hostname()-241: vd=0 pktlen=132
2025-09-23 17:53:57 [worker 0] wildcard_fqdn_response_cb()-978: vd=0 pktlen=132
2025-09-23 17:53:57 [worker 0] hostname_entry_insert()-143: af=2 domain=test.salesforce.com
2025-09-23 17:53:57 [worker 0] hostname_entry_insert()-143: af=2 domain=test.salesforce.com
2025-09-23 17:53:57 [worker 0] hostname_entry_insert()-143: af=2 domain=test.salesforce.com
2025-09-23 17:53:57 [worker 0] dns_send_response()-1631: domain=test.salesforce.com reslen=132
2025-09-23 17:53:57 [worker 0] dns_local_log_response()-1554: orig id:0x0000 local id: 0x00be domain=test.salesforce.com
2025-09-23 17:53:57 [worker 0] dns_local_log_response()-1587: write to log: logid=54805 qname=test.salesforce.com
2025-09-23 17:53:57 [worker 0] dns_unix_stream_packet_write()-289: vfid=0 real_vfid=0 vrf=0 id=0x0000 domain=test.salesforce.com req_type=1 req=0
2025-09-23 17:53:57 [worker 0] dns_unix_stream_packet_write()-311: type=11 len=135 session_id=0 flags=0
2025-09-23 17:53:57 [worker 0] dns_query_delete()-611: orig id:0x0000 local id:0x00be domain=test.salesforce.com use=7 active
...
I]2025-09-23 17:54:17.196339 [p:1285][s:1106075901][r:21473050] wad_http_dns_request_done :14039 [0x7f0e06a04048] DNS resolved: N/A
[I]2025-09-23 17:54:17.196356 [p:1285][s:1106075901][r:21473050] wad_dump_fwd_http_resp :2848 hreq=0x7f0e06a04048 Forward response from Internal:
HTTP/1.1 200 Connection established
Proxy-Agent: Fortinet-Proxy/1.0
....
[I]2025-09-23 17:54:17.616334 [p:1285][s:1106075901][r:21473062] wad_dump_http_request :2833 hreq=0x7f0e06a04048 Received request from client: 10.x.x.x:56795
POST /services/apexrest/pricing HTTP/1.1
Host: test.salesforce.com
Accept: application/json
Accept-Encoding: gzip, deflate
....
[I]2025-09-23 17:54:17.616435 [p:1285][s:1106075901][r:21473062] wad_dump_fwd_http_resp :2848 hreq=0x7f0e06a04048 Forward response from Internal:
HTTP/1.1 504 Gateway Timeout
Connection: close
Content-Type: text/html
Cache-Control: no-cache
Packet Capture on Wireshark shows that FortiProxy received the DNS response.
2025-09-23 18:53:56.985471 10.x.x.x 8.8.4.4 93 DNS 64 0x155e (5470) Standard query 0x00be A test.my.salesforce.com
2025-09-23 18:53:57.090586 8.8.4.4 10.x.x.x 174 DNS 118 0x9b1c (39708) Standard query response 0x00be A test.my.salesforce.com CNAME usa440.sfdc-lywfpd.salesforce.com A 155.226.x.x A 155.226.x.x A 155.226.x.x
It is recommended to upgrade to FortiProxy v7.4.12 once it becomes available, as the fix is included in that version. The release timeline is not yet confirmed.
Related articles:
Troubleshooting Tip: 504 Gateway timeout error - Explicit web proxy
Troubleshooting Tip: 504 Gateway timeout error - Explicit web proxy (Part2)
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.