- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Can' t access to an allowed web
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can' t access to an allowed web
I tried Forticare but after they ask Config File I didn' t get any other answer (in a week or more)
Here is the thing I need restricted users in my Work to entero to a Banking Page, there is 2 Profiles:
Unrestricted people can access to " http://www.bicevida.cl/" and " https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login" .
Restricted users also can access to http://www.bicevida.cl/ (Where they Log in) but after they Log it should redirect to a second webpage but it doesn' , it just sit down in a kind of 404 with URL wwww.bicevida.cl
https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login and this one
Both webpages are withelisted in Fortiguard AND our Firewall (300c)
One more
One more
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The best way to figure out what' s happening is to run a debug while someone access the website
diab deb url src-addr (enter the source IP)
diag deb app url 255
diag deb en
After that go to the URL from that src-addr.
The debug output will show all the URLs that the FortiGate is filtering .. what is being allowed and what is being blocked.
Maybe there' s a direct or some kind of sub-page being accessed that is getting denied, but the block page isn' t showing up due to the nature of the page that was blocked.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
diab deb url src-addrFG300C3913600481 # diab deb url src-addr 192.168.2.238 Unknown action 0
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
diag
mistype
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m sorry for not catching the typo, was so obvious.
Connected
FG300C3913600481 # diag deb url src-addr 192.168.2.238
FG300C3913600481 # diag deb app url 255
FG300C3913600481 # diag deb en
FG300C3913600481 # msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226182, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225960, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /WSEnvioClaveV2/faces/ingreso.jspx?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /Login2.0-Autoenrolamiento/faces/Login.jspx?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226179, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/login.php"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226180, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /contacto"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226183, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /productos-slide"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /Login2.0-Autoenrolamiento/servletcaptcha"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226193, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.eot?"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226195, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.woff"
Url matches local rating
msg=" received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226196, vfname=' root' , vfid=0, profile=' strict' , type=0, client=192.168.2.238, url_source=1, url=" /wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.ttf"
Url matches local rating
When I click " Login button" on www.bicevida.cl the log doesn' t show anything extra my logs are only when the webpage load for the first time and there is no problem on the first page, the problem is when I try to log in.
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If you receive some kind of 404 page it means that the page does not exist on the server. It is not a webfitler problem. The webfilter will pass the connection or block it and you will see the webfilter blocking page.
AtiT
AtiT
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Isn' t a 404
it just says " Internet Explorer cannot display the Webpage" but in Spanish
I Still don' t know what kind of Fortigate filter is acting on this Site.
The web EXIST
Unrestricted IP' s can access (LOG IN) without problems.
One more
One more
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a quick question: do your policies allow the ' restricted' group accessing the site using https protocol (443) ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checking the logs should help. If there is nothing in the logs then try to switch off the Security Profiles one by one and see when the webpage is allowed. In this way you can find what profile blocked it.
AtiT
AtiT
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
They Have access to HTTPS with SSL Inspection.
One more
One more
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Add Trusted Host on Dedicated Mgmt 122 Views
- Allowed to Use the Fortinet Logo... 108 Views
- Assistance to allow external access to... 383 Views
- Client certificate authentication to remote site 135 Views
- FortiGate 200A Not booting or Displaying... 162 Views
Labels
-
FortiGate
7,046 -
FortiClient
1,390 -
5.2
801 -
5.4
639 -
FortiManager
611 -
FortiAnalyzer
448 -
6.0
416 -
FortiAP
370 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
286 -
FortiMail
272 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
174 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
104 -
SSL-VPN
96 -
FortiGateCloud
94 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
48 -
FortiADC
45 -
Fortivoice
44 -
FortiEDR
43 -
SD-WAN
43 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
32 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
DNS
22 -
ZTNA
21 -
FortiConverter
21 -
Certificate
20 -
BGP
19 -
FortiGate v5.2
19 -
SAML
18 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
Interface
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
Web profile
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Proxy policy
6 -
Security profile
6 -
Traffic shaping policy
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
FortiAI
2 -
Application signature
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiCWP
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1041 | |
| 862 | |
| 513 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.