esa12
New Contributor

Accessing URL blocked by FortiGate, action: server-rst

I have an issue when accessing a URL by IP address using HTTPS. Why does the firewall block web access, and how do I solve it? All I can see in the log is:

[attached screenshot: ssl block.jpg]

AEK
SuperUser

Server reset is an action performed from the server side, not by the firewall.

AEK
ilias87
New Contributor

Same issue here, any idea how to solve it?

AEK

A server-rst event most probably means the issue is on the server side.

Check the related logs on the server, typically the logs of the application that you are trying to access.

AEK
dingjerry_FTNT

Hi @ilias87 ,

If you have any UTM services applied, please remove all of them first to see whether this issue is still there.

If yes, this issue should be caused by the server end.

If no, add the UTM services back one by one to see which will cause the issue.

Regards,

Jerry
ilias87
New Contributor

It is quite weird because it appeared after an upgrade to version 7.2.11.

A device tries to access its gateway (the FortiGate is in the middle with a virtual wire pair, in bridge mode) and this issue appeared. It tries to access it over HTTPS directly to an IP address, as esa12 mentioned. I whitelisted the SSL application with ID 15895, but traffic is still being blocked. Anything else (that passes through the same gateway) operates normally.

AEK

Hi Ilias

Did you say "traffic is being blocked"? Or is it "server-rst"? If the traffic is being blocked, then I guess the traffic is not matched by the expected rule, right?

AEK
ilias87
New Contributor

Hi AEK, I am using a virtual wire pair policy for the whole local interface (FortiGate in transparent mode) and the local devices cannot access their gateway over HTTPS (e.g. https://192.168.100.1). My SSL inspection policy was in "read-only SSL inspection" mode, and when I change it temporarily to "no inspection", the page is accessible again. Please note that this happened after an upgrade from version 7.2.9 to 7.2.11. So clearly the FortiGate doesn't like the certificate of this local page, but I cannot add an exception for an IP address in "read-only SSL inspection" mode. The log message is correct: "server-rst". Thanks for the assistance!

AEK

Hi ilias

If the SSL inspection profile is blocking the traffic, that means the FGT doesn't like the certificate, as you said.

In that case you should find in the FGT SSL logs why the certificate was blocked, and then you can tune the SSL inspection profile accordingly.

AEK
Dhruvin_patel

Greetings!

The 'server-rst' action in a log indicates that the server has reset the connection; this does not mean that the FortiGate is blocking the connection.

There are a few possible reasons you would get a "server-rst" action, e.g. the client did not send any info for a while for some reason and the server decided to terminate the session, or the client sent a FIN and the server decided to send an RST instead of a FIN.

Regards!

Dhruvin Patel
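The two explanations above (AEK: look in the FGT SSL logs for why the certificate was blocked; Dhruvin: server-rst is the server resetting the connection, not a firewall block) can be reconciled with one check: for each traffic log entry carrying action=server-rst, look for a UTM/SSL log entry with the same sessionid. Below is an added example of that correlation, written by the editor and not taken from the thread or from Fortinet. The log lines are constructed to look like FortiGate key=value logs; the field names (type, subtype, eventtype, action, reason, sessionid, utmaction) follow the usual FortiOS layout, but their exact values here are illustrative, and the "inspection-related" verdict is a triage heuristic, not a FortiOS definition.

```python
import re
from collections import defaultdict

# Constructed sample log lines in FortiGate key=value style (not from the
# original post's screenshot). Session 1001 has a matching UTM/SSL entry,
# session 1002 has none, session 1003 was simply accepted.
SAMPLE_LOGS = """\
date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" level="notice" srcip=192.168.100.10 srcport=51000 dstip=192.168.100.1 dstport=443 proto=6 action="server-rst" sessionid=1001 service="HTTPS" utmaction="block"
date=2024-05-01 time=10:00:01 type="utm" subtype="ssl" eventtype="ssl-anomalies" level="warning" srcip=192.168.100.10 dstip=192.168.100.1 dstport=443 sessionid=1001 action="blocked" reason="untrusted-server-cert"
date=2024-05-01 time=10:00:05 type="traffic" subtype="forward" level="notice" srcip=192.168.100.11 srcport=51001 dstip=203.0.113.5 dstport=443 proto=6 action="server-rst" sessionid=1002 service="HTTPS"
date=2024-05-01 time=10:00:09 type="traffic" subtype="forward" level="notice" srcip=192.168.100.12 srcport=51002 dstip=198.51.100.7 dstport=443 proto=6 action="accept" sessionid=1003 service="HTTPS"
"""

# key=value where the value is either "quoted text" or a bare token
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value log line into a dict, stripping quotes."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def parse_logs(text):
    """Parse a block of log text, skipping empty lines."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def classify_server_rst(records):
    """
    For every traffic record with action=server-rst, report whether the same
    sessionid also produced a UTM log (or the traffic record itself carries a
    utmaction). If so, the reset coincided with an inspection verdict and the
    SSL/UTM profile is the first thing to tune; if not, nothing on the
    FortiGate acted on the session and the server-side logs are the place to look.
    """
    utm_by_session = defaultdict(list)
    for r in records:
        if r.get("type") == "utm":
            utm_by_session[r.get("sessionid")].append(r)

    results = []
    for r in records:
        if r.get("type") != "traffic" or r.get("action") != "server-rst":
            continue
        utm_hits = utm_by_session.get(r.get("sessionid"), [])
        if utm_hits or r.get("utmaction"):
            detail = ", ".join(
                f"{u.get('subtype')}/{u.get('action')}/{u.get('reason', '?')}"
                for u in utm_hits
            ) or f"utmaction={r.get('utmaction')}"
            verdict = "inspection-related: " + detail
        else:
            verdict = "no UTM log for this session: check the server side"
        results.append({
            "sessionid": r.get("sessionid"),
            "src": r.get("srcip"),
            "dst": f"{r.get('dstip')}:{r.get('dstport')}",
            "verdict": verdict,
        })
    return results


if __name__ == "__main__":
    for row in classify_server_rst(parse_logs(SAMPLE_LOGS)):
        print(f"session {row['sessionid']} {row['src']} -> {row['dst']}: {row['verdict']}")
```

To use it on a real device, export the traffic and UTM logs for the same time window (or feed the script the raw syslog lines) and run it over the combined text; a server-rst entry with no UTM companion is the case Dhruvin describes, while one paired with an ssl-anomalies entry is the case ilias87 hit after the upgrade.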