Fortinet Forum
Jackchenwork
New Contributor III

weird problem with one FortiAuthenticator

I am having a weird problem with a testing FAC instance. It's a VM with private IP 192.168.1.109. It's in an isolated environment and I am using a jumpbox machine, 192.168.1.100, to access it. The issue is that if I access it by https://192.168.1.109/, it's fast (it will show me a certificate warning, as expected); if I access it by https://fac.mydomain.local/ (no certificate warning, because the certificate is generated by a Windows CA and the root CA is trusted on the jumpbox), it's very slow. The VM is configured with Host Name: "fac", Device FQDN: "fac.mydomain.local".

fac.mydomain.local is added to the Windows hosts file, mapped to 192.168.1.109.

The Chrome browser dev tools show lots of requests took 5 s to 10 s to load.

The same "dashboard/" request only takes 200 ms if I use the IP to access it. I can refresh the UI and get the same result.

2 Replies
Jackchenwork
New Contributor III

OK I think I know why this is happening now. The jumpbox machine doesn't have Internet access.

When FAC is accessed by IP, I had to accept the certificate warning and Chrome probably won't do further checking; when accessed by hostname, although the certificate is trusted, Chrome still wants to check whether the certificate is not revoked from some online services, and it takes a long time for the checking to fail since the Internet connection will time out from this machine.

Wireshark captured many requests to many 142.250.190.xx IPs with long durations; they belong to Google.

Jackchenwork
New Contributor III

Actually it's not Chrome trying to validate the certificate. Further traffic capture showed there is an HTTP request sent to Trend Micro.

So the machine has the Trend Micro client installed, and when the browser accesses a site by name, it will try to call home to do URL/domain filtering.

I guess the lesson is if Internet is blocked, weird things will happen :(
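
An added example, not part of the original thread: the capture-based diagnosis from the posts above, reduced to a script that lists connection attempts from the jumpbox to off-subnet hosts that never got a reply. The flow-tuple layout, the /24 subnet and the documentation-range destination addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the isolated lab subnet, inferred from the two addresses in the post.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample, one row per TCP connection attempt seen on the jumpbox:
# (start_s, dst_ip, dst_port, seconds_until_first_reply or None if never answered).
# Off-subnet destinations are documentation addresses, not values from a real capture.
SAMPLE_FLOWS = [
    (0.00, "192.168.1.109", 443, 0.002),
    (0.01, "203.0.113.10", 80, None),
    (1.01, "203.0.113.10", 80, None),   # retry of the same unanswered attempt
    (3.02, "203.0.113.10", 80, None),
    (0.05, "198.51.100.7", 443, None),
    (7.10, "192.168.1.109", 443, 0.003),
]

def stalled_egress(flows, local_net=LOCAL_NET):
    """Group unanswered connection attempts to hosts outside the lab subnet.

    Returns {(dst_ip, dst_port): (attempts, first_seen_s, last_seen_s)}.
    """
    stalls = defaultdict(list)
    for start, dst, port, reply_after in flows:
        off_net = ipaddress.ip_address(dst) not in local_net
        if off_net and reply_after is None:
            stalls[(dst, port)].append(start)
    return {k: (len(v), min(v), max(v)) for k, v in stalls.items()}

def report(flows):
    """Return one line per destination, longest retry window first."""
    rows = sorted(stalled_egress(flows).items(),
                  key=lambda kv: kv[1][2] - kv[1][1], reverse=True)
    return [f"{dst}:{port} attempts={n} retry_window={last - first:.2f}s"
            for (dst, port), (n, first, last) in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_FLOWS)))
```

On an isolated host, every destination this lists is something local software expects to reach; the destination port and address are the starting point for identifying which client is calling out.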