FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
duenlim
Staff
Article Id 282271
Description This article describes how to fix a network issue where connection to URLs with IP addresses (for example, https://22.22.22.22) takes longer than expected.
Scope FortiProxy.
Solution

The reverse DNS lookup feature was introduced in FortiProxy version v7.0.4.

Refer to the release notes.

 

Reverse DNS lookup is enabled by default. The following setting controls whether a reverse DNS lookup is performed for policy matching; setting it to disable turns the lookup off:

config firewall profile-protocol-options
    edit <name_of_profile>
        config http
            set verify-dns-for-policy-matching disable
        end
    next
end

 

Alternatively, add a host with a PTR record in the DNS server.


The connection slowdown occurs during the following typical process:

 

  1. The client asks for a URL such as https://22.22.22.22 from FortiProxy.
  2. The FortiProxy receives the URL https://22.22.22.22 and performs a reverse DNS lookup on the DNS server.
    Note: In some scenarios, the DNS server takes a few seconds to respond, causing the slowdown. See below.
  3. The FortiProxy initiates a web request to https://22.22.22.22.

 

Example 1: The DNS server took three seconds to respond with 'Server failure PTR'. Consequently, the FortiProxy initiated the connections after three seconds.

 

| No. | Time | Source | Src Port | Destination | Dst Port | Protocol | Length | Info |
|---|---|---|---|---|---|---|---|---|
| 1 | 2023-09-18 16:05:44 | 10.10.10.10 | 1779 | 10.10.10.11 | 53 | DNS | 86 | Standard query 0x8018 PTR 22.22.22.22.in-addr.arpa |
| 21 | 2023-09-18 16:05:48 | 10.10.10.11 | 53 | 10.10.10.10 | 1779 | DNS | 86 | Standard query response 0x0085 Server failure PTR 22.22.22.22.in-addr.arpa |

 

Example 2: Sometimes FortiProxy initiates the connections after seven or eight seconds if the DNS server responds with 'Server failure PTR'.

 

| No. | Time | Source | Src Port | Destination | Dst Port | Protocol | Length | Info |
|---|---|---|---|---|---|---|---|---|
| 2 | 2023-09-18 16:10:00 | 10.10.10.10 | 1779 | 10.10.10.11 | 53 | DNS | 86 | Standard query 0x8018 PTR 22.22.22.22.in-addr.arpa |
| 24 | 2023-09-18 16:10:01 | 10.10.10.11 | 53 | 10.10.10.10 | 1779 | DNS | 86 | Standard query response 0x0085 Server failure PTR 22.22.22.22.in-addr.arpa |
| 25 | 2023-09-18 16:10:01 | 10.10.10.11 | 53 | 10.10.10.10 | 1779 | DNS | 86 | Standard query response 0x0085 Server failure PTR 22.22.22.22.in-addr.arpa |
| 50 | 2023-09-18 16:10:02 | 10.10.10.10 | 1779 | 10.10.10.11 | 53 | DNS | 86 | Standard query 0x8018 PTR 22.22.22.22.in-addr.arpa |
| 70 | 2023-09-18 16:10:04 | 10.10.10.10 | 1779 | 10.10.10.11 | 53 | DNS | 86 | Standard query 0x8018 PTR 22.22.22.22.in-addr.arpa |
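
To find which reverse lookups are delaying connections in a capture exported in the column layout shown above, each PTR query can be paired with its first response and timed. The Python below is an added example, not Fortinet code; the sample rows, the addresses in them, the function names and the one-second threshold are constructed assumptions.

```python
from datetime import datetime

# Constructed sample rows, whitespace-separated in the column order used above:
# No. Date Time Source SrcPort Destination DstPort Protocol Length Info...
SAMPLE = """\
1 2023-09-18 09:00:00 192.0.2.10 1779 192.0.2.53 53 DNS 86 Standard query 0x1a01 PTR 7.100.51.198.in-addr.arpa
2 2023-09-18 09:00:03 192.0.2.53 53 192.0.2.10 1779 DNS 86 Standard query response 0x1a01 Server failure PTR 7.100.51.198.in-addr.arpa
3 2023-09-18 09:01:00 192.0.2.10 1780 192.0.2.53 53 DNS 86 Standard query 0x1a02 PTR 8.100.51.198.in-addr.arpa
4 2023-09-18 09:01:02 192.0.2.10 1780 192.0.2.53 53 DNS 86 Standard query 0x1a02 PTR 8.100.51.198.in-addr.arpa
5 2023-09-18 09:01:04 192.0.2.10 1780 192.0.2.53 53 DNS 86 Standard query 0x1a02 PTR 8.100.51.198.in-addr.arpa
6 2023-09-18 09:01:07 192.0.2.53 53 192.0.2.10 1780 DNS 86 Standard query response 0x1a02 Server failure PTR 8.100.51.198.in-addr.arpa
7 2023-09-18 09:02:00 192.0.2.10 1781 192.0.2.53 53 DNS 86 Standard query 0x1a03 PTR 9.100.51.198.in-addr.arpa
8 2023-09-18 09:02:00 192.0.2.53 53 192.0.2.10 1781 DNS 130 Standard query response 0x1a03 PTR 9.100.51.198.in-addr.arpa PTR host.example.net
"""

def parse_row(line):
    """Split one capture row into time, direction, failure flag and PTR name."""
    f = line.split()
    info = f[9:]
    is_resp = info[:3] == ["Standard", "query", "response"]
    rest = info[4:] if is_resp else info[3:]       # drop the transaction ID
    failed = rest[:2] == ["Server", "failure"]
    name = rest[rest.index("PTR") + 1]             # queried name follows the first "PTR"
    when = datetime.strptime(f[1] + " " + f[2], "%Y-%m-%d %H:%M:%S")
    return {"time": when, "response": is_resp, "failed": failed, "name": name}

def summarise(text, slow_after=1.0):
    """Per PTR name: query count, seconds to first response, failure, flag."""
    stats = {}
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) < 10 or f[7] != "DNS" or "PTR" not in f[9:]:
            continue                               # ignore non-PTR traffic
        row = parse_row(line)
        s = stats.setdefault(row["name"], {"queries": 0, "first_query": None,
                                           "delay": None, "failed": False})
        if not row["response"]:
            s["queries"] += 1                      # repeats count as retries
            s["first_query"] = s["first_query"] or row["time"]
        elif s["delay"] is None and s["first_query"]:
            s["delay"] = (row["time"] - s["first_query"]).total_seconds()
            s["failed"] = row["failed"]
    for s in stats.values():                       # unanswered, failed or slow
        s["flag"] = s["delay"] is None or s["failed"] or s["delay"] > slow_after
    return stats

if __name__ == "__main__":
    for name, s in summarise(SAMPLE).items():
        print(name, s["queries"], s["delay"], "FLAG" if s["flag"] else "ok")
```

Names that are flagged are candidates for a PTR record on the DNS server; timestamps with one-second resolution make the delays approximate.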
