7.0 Possible bug in Virtual Server
I'm having some issues while using a Virtual Server and I think I have tracked it down to a possible bug.
Model: FortiGate 1101E
Serial: FG10E1TB22900518
Ver: v7.0.6 build0366 (Feature)
Using a virtual server for HTTPS to HTTP for a specific host; this host has 8 rules.
I'm using a DNS name to query the port, for example:
curl https://api.example.com:5000
This will work for approximately a few minutes to a few hours only.
The solution I have found is to reconfigure ANY rule and change ANYTHING on it. For example, take the first rule, HTTP (which does not have a firewall policy; as you can see, it has 0 references): if I change the color of the rule, it will "awaken" the rule and the curl will start working again. After a random amount of time it will stop, and I'll need to change something else to get it to work again.
Am I missing something in my config, or could this be a bug?
- Labels: Customer Service, FortiGate

Created on 09-09-2022 01:56 PM
Hello,
I would recommend using debug flow:
https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow
This will tell us what is happening with the traffic, if FortiGate really stops doing DNAT.
Hello @luis15pt ,
Please collect the output of the following commands.
diagnose debug reset
diagnose debug flow filter addr <IP>
diagnose debug flow filter port <number> <---optional
diagnose debug console timestamp enable
diagnose debug flow show iprope enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 1000
diagnose debug enable
After performing the test, you can stop debugging:
diagnose debug disable
diagnose debug reset
SFA
So this issue happened just now and I've set up the logs before I fixed the issue. It seems that as soon as the issue is fixed (changed the color of the rule), the logs stop.
