Hi all,
After upgrading to 5.2.4, some SSL traffic is not passing through, and management traffic to the firewall over SSH/HTTPS is not working. There is no proxy configuration, SSL inspection or management hardening in place.
Has anyone seen this kind of behavior?
I'm assuming it was working before the 5.2.4 upgrade? If yes, then diag debug flow the traffic and see what shows up;
e.g.
diag debug reset
diag debug en
diag debug flow filter port 443
diag debug flow show console enable
diag debug flow trace start 100
Post the output here and ensure allow access https is still enabled on the interface(s) where you're expecting management.
When you're done,
diag debug reset
diag debug disable
You might have to open a ticket or revert back to 5.2.3
PCNSE
NSE
StrongSwan
Hello,
There is a known issue recently reported on V5.2.4 where only the SSL traffic is affected.
Ping works fine.
This is normally seen in a dual-WAN scenario where the HTTPS request is received on one interface and the response is sent out on another.
As suggested in the earlier post, run the debug flow and see if the above symptoms are seen in your case.
Well, it seems like the firewall is blocking traffic to itself for some reason (no trusted hosts, and SSH is allowed on the interface):
id=20085 trace_id=2 func=init_ip_session_common line=4527 msg="allocate a new session-0000038f"
id=20085 trace_id=2 func=fw_local_in_handler line=382 msg="iprope_in_check() check failed on policy 0, drop"
id=20085 trace_id=3 func=print_pkt_detail line=4378 msg="vd-in received a packet(proto=6, 1.1.1.1:3555->1.1.1.9:22) from wan2."
Also tried to ssh the firewall to itself:
ssh: connect to host 1.1.1.9 port 22: Connection refused
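The debug flow output above is the kind of thing you end up pasting into a ticket; the following is an added triage script (not from this thread or from Fortinet) that groups `diag debug flow` records by `trace_id`, pulls the packet 5-tuple and ingress interface out of the `print_pkt_detail` message, and reports any trace where `fw_local_in_handler` ended in a drop. The sample input is constructed for the example: it reuses the records posted above (re-ordered so the packet detail precedes the drop, all under one trace_id) plus a hypothetical accepted trace whose wording is invented for contrast, not a real FortiOS message.

```python
import re
from collections import defaultdict

# Constructed sample input. Trace 2 reproduces the records from the post above
# (packet detail first, under a single trace_id); trace 9 is a hypothetical
# accepted HTTPS request with made-up message text, included only for contrast.
SAMPLE = """\
id=20085 trace_id=2 func=print_pkt_detail line=4378 msg="vd-in received a packet(proto=6, 1.1.1.1:3555->1.1.1.9:22) from wan2."
id=20085 trace_id=2 func=init_ip_session_common line=4527 msg="allocate a new session-0000038f"
id=20085 trace_id=2 func=fw_local_in_handler line=382 msg="iprope_in_check() check failed on policy 0, drop"
id=20085 trace_id=9 func=print_pkt_detail line=4378 msg="vd-in received a packet(proto=6, 10.0.0.5:40001->1.1.1.9:443) from internal."
id=20085 trace_id=9 func=init_ip_session_common line=4527 msg="allocate a new session-00000390"
id=20085 trace_id=9 func=fw_local_in_handler line=386 msg="local-in policy 1 matched, accept"
"""

# key=value pairs; the msg value is double-quoted and may contain spaces, '=' and parentheses.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Packet detail as printed by print_pkt_detail: proto, src:port->dst:port, ingress interface.
PKT_RE = re.compile(r'proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+)\.')


def parse_line(line):
    """Turn one debug flow record into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def parse_trace(text):
    """Group records by trace_id, preserving the order they were logged in."""
    traces = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        if "trace_id" in rec:
            traces[rec["trace_id"]].append(rec)
    return traces


def summarize(traces):
    """One summary per trace: 5-tuple, ingress interface, local-in involvement and verdict."""
    out = []
    for tid, recs in traces.items():
        s = {"trace_id": tid, "proto": None, "src": None, "dst": None,
             "iface": None, "local_in": False, "verdict": "unknown", "reason": None}
        for r in recs:
            msg = r.get("msg", "")
            m = PKT_RE.search(msg)
            if m:
                s["proto"] = int(m.group(1))
                s["src"] = f"{m.group(2)}:{m.group(3)}"
                s["dst"] = f"{m.group(4)}:{m.group(5)}"
                s["iface"] = m.group(6)
            if r.get("func") == "fw_local_in_handler":
                # Traffic destined to the firewall itself goes through the local-in path.
                s["local_in"] = True
            if msg.endswith("drop"):
                s["verdict"] = "drop"
                s["reason"] = msg
            elif msg.endswith("accept"):
                s["verdict"] = "accept"
        out.append(s)
    return out


def local_in_drops(text):
    """Return only the traces where traffic to the firewall itself was dropped."""
    return [s for s in summarize(parse_trace(text)) if s["local_in"] and s["verdict"] == "drop"]


if __name__ == "__main__":
    for s in summarize(parse_trace(SAMPLE)):
        print(f"trace {s['trace_id']}: proto={s['proto']} {s['src']} -> {s['dst']} "
              f"in={s['iface']} local-in={s['local_in']} verdict={s['verdict']}")
    for s in local_in_drops(SAMPLE):
        print(f"LOCAL-IN DROP trace {s['trace_id']}: {s['reason']}")
```

A drop reported by `fw_local_in_handler` on "policy 0" means the packet was aimed at the FortiGate itself and no local-in rule allowed it, which is exactly why checking the interface's allow access settings (and any trusted hosts) is the first thing to confirm; forwarded traffic that is dropped shows up under a different function and would not be flagged by `local_in_drops`.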
On the WAN interface, what does your set allowaccess show (ssh?)?
Ken
PCNSE
NSE
StrongSwan
Hello,
I think the port on which the FortiGate is listening for SSH must be changed. It is worth checking and confirming under System > Admin > Settings.