I'm having some issues while using a Virtual Server and I think I have tracked it down to a possible bug.
Model: FortiGate 1101E
Serial: FG10E1TB22900518
Ver: v7.0.6 build0366 (Feature)
Using virtual server for HTTPS to HTTP for a specific host; this host has 8 rules.
I'm using a DNS name to query the port, for example:
curl https://api.example.com:5000
This will work for approximately a few minutes to a few hours only.
The solution I have found is to reconfigure ANY rule and change ANY thing on them. For example, the first rule, HTTP (which does not have a firewall policy, as you can see it has 0 references): if I change the color of the rule, it will "awaken" the rule and the curl will start working again, and after a random amount of time it will stop and I'll need to change something else to get it to work again.
Am I missing something in my config, or could this be a bug?
Created on 09-09-2022 01:56 PM
Hello,
I would recommend using debug flow:
https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow
This will tell us what is happening with the traffic, if FortiGate really stops doing DNAT.
Hello @luis15pt,
Please collect the output of the following commands.
diagnose debug reset
diagnose debug flow filter addr <IP>
diagnose debug flow filter port <number> <---optional
diagnose debug console timestamp enable
diagnose debug flow show iprope enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 1000
diagnose debug enable
After performing the test, you can stop debugging:
diagnose debug disable
diagnose debug reset
So this issue happened just now and I've set up the logs before I fixed the issue. It seems as soon as the issue is fixed (changed the color of the rule) the logs stop.