- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Can' t access to an allowed web
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can' t access to an allowed web
I tried Forticare but after they ask Config File I didn' t get any other answer (in a week or more)
Here is the thing I need restricted users in my Work to entero to a Banking Page, there is 2 Profiles:
Unrestricted people can access to " http://www.bicevida.cl/" and " https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login" .
Restricted users also can access to http://www.bicevida.cl/ (Where they Log in) but after they Log it should redirect to a second webpage but it doesn' , it just sit down in a kind of 404 with URL wwww.bicevida.cl
https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login and this one
Both webpages are withelisted in Fortiguard AND our Firewall (300c)
One more
One more
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The best way to figure out what' s happening is to run a debug while someone access the website
diab deb url src-addr (enter the source IP)
diag deb app url 255
diag deb en
After that go to the URL from that src-addr.
The debug output will show all the URLs that the FortiGate is filtering .. what is being allowed and what is being blocked.
Maybe there' s a direct or some kind of sub-page being accessed that is getting denied, but the block page isn' t showing up due to the nature of the page that was blocked.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
diab deb url src-addrFG300C3913600481 # diab deb url src-addr 192.168.2.238 Unknown action 0
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
diag
mistype
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m sorry for not catching the typo, was so obvious.
Connected
FG300C3913600481 # diag deb url src-addr 192.168.2.238
FG300C3913600481 # diag deb app url 255
FG300C3913600481 # diag deb en
FG300C3913600481 # msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226182, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225960, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /WSEnvioClaveV2/faces/ingreso.jspx?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /Login2.0-Autoenrolamiento/faces/Login.jspx?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226179, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/login.php"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226180, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /contacto"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226183, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /productos-slide"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /Login2.0-Autoenrolamiento/servletcaptcha"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226193, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.eot?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226195, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.woff"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226196, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.ttf"
Url matches local rating
When I click " Login button" on www.bicevida.cl the log doesn' t show anything extra my logs are only when the webpage load for the first time and there is no problem on the first page, the problem is when I try to log in.
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you receive some kind of 404 page it means that the page does not exist on the server. It is not a webfitler problem. The webfilter will pass the connection or block it and you will see the webfilter blocking page.
AtiT
AtiT
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Isn' t a 404
it just says " Internet Explorer cannot display the Webpage" but in Spanish
I Still don' t know what kind of Fortigate filter is acting on this Site.
The web EXIST
Unrestricted IP' s can access (LOG IN) without problems.
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a quick question: do your policies allow the ' restricted' group accessing the site using https protocol (443) ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checking the logs should help. If there is nothing in the logs then try to switch off the Security Profiles one by one and see when the webpage is allowed. In this way you can find what profile blocked it.
AtiT
AtiT
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
They Have access to HTTPS with SSL Inspection.
One more
One more
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Client Url access issue via VPN 43 Views
- FortiGate drops traceroute UDP 65 Views
- FQDN URL open slowly 58 Views
- SSH to Vdom Link IP Address 184 Views
- Unable to route public IP into... 59 Views
Labels
-
FortiGate
7,135 -
FortiClient
1,407 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
453 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
280 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
92 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
Routing
16 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 883 | |
| 524 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.