Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
luis15pt
New Contributor

Created on ‎09-07-2022 02:46 AM Edited on ‎09-07-2022 02:47 AM

7.0 Possible bug in Virtual Server

Im having some issues while using a Virtual Server and i think i have tracked it down to a possible bug.

Model:  FortiGate 1101E
Serial: FG10E1TB22900518

Ver: v7.0.6 build0366 (Feature)

 

Using virtual server for HTTPS to HTTP for a specific host, this host has 8 rules.  luis15pt_0-1662543423352.png

im using a dns name to query the the port, for example 

curl https://api.example.com:5000 

This will work for aprox a few minutes to a few hours only.

 

The solution i have found it to reconfigure ANY rule and change ANY thing on them, for example the first rule HTTP (which does not have a firewall policy as you can see it has 0 references) If i change the color of the rule it will "awaken" the rule and the curl will start working again, and after a random amount of time it will stop and ill need to change something else to get it to work again. 

 

am i missing something in my config or could this be a bug ?

Labels:
1262
0 Kudos
4 REPLIES 4
Anonymous
Not applicable

Created on ‎09-09-2022 01:56 PM

Hello @luis15pt,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks,
1233
0 Kudos
akristof
Staff
Staff

Created on ‎09-10-2022 05:23 AM

Hello,

I would recommend to use debug flow:

https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow

This will tell us what is happening with the traffic, if FortiGate really stops doing DNAT.

Adrian
1225
0 Kudos
alif
Staff
Staff

Created on ‎09-10-2022 06:22 AM Edited on ‎09-10-2022 06:22 AM

Hello @luis15pt ,

 

Please collect the output of the following commands.

diagnose debug reset

diagnose debug flow filter addr <IP>

diagnose debug flow filter port <number> <---optional

diagnose debug console timestamp enable

diagnose debug flow show iprope enable

diagnose  debug flow show function-name enable

diagnose debug flow trace start 1000

diagnose debug enable

 

After performing the test, you can stop debugging;

diagnose debug disable

diagnose debug reset

Regards,
SFA
1222
0 Kudos
luis15pt
New Contributor

Created on ‎09-12-2022 04:11 AM

So this issue happened just now and ive setup the logs before i fixed the issue, it seems as soon as the issue is fixed (changed the color of the rule) the logs stop

 

https://we.tl/t-s7rsNvUfKl

1196
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.