Hi everyone
I'm trying to setup a policy with virtual servers to divide the traffic from subdomain1.domain.com and subdomain2.domain.com to different synology nas.
I set up the virtual servers:
and then setup a policy:
The problem is that i'm obtaining this error:
What could be wrong?
Solved! Go to Solution.
We would need to see the details of the individual VIP's configurations, but based on the error message, it looks like you're DNAT-ing plaintext HTTP traffic to the realserver's HTTPS port.
This could be a simple :80 -> :443 mis-translation, or maybe you're mistakenly doing an SSL half-offload where the client talks HTTPS to the client, but the FGT talks HTTP to the server. (if that's the case, you should switch the VIP to full-offload SSL)
Hello @itcba ,
When I reviewed your FortiGate configuration, I couldn't see the problem with your configuration.
This error page comes from Synology and I did some research about that. I found one YouTube video about how to setup Synology with reverse proxy. Virtual server features work like reverse proxy. Did you make these changes on Synology?
https://www.youtube.com/watch?v=xo3soLHrFOU&ab_channel=DigitalAloha
Also, did you define all Synology IPs in the pools as HTTP?
We would need to see the details of the individual VIP's configurations, but based on the error message, it looks like you're DNAT-ing plaintext HTTP traffic to the realserver's HTTPS port.
This could be a simple :80 -> :443 mis-translation, or maybe you're mistakenly doing an SSL half-offload where the client talks HTTPS to the client, but the FGT talks HTTP to the server. (if that's the case, you should switch the VIP to full-offload SSL)
full-offloading SSL seems to have fixed the issue.
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.