DasFX
New Contributor

Can't access to an allowed web

I tried Forticare, but after they asked for the config file I didn't get any other answer (in a week or more).

Here is the thing: I need restricted users at my work to enter a banking page. There are 2 profiles:

Unrestricted people can access "http://www.bicevida.cl/" and "https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login".

Restricted users can also access http://www.bicevida.cl/ (where they log in), but after they log in it should redirect to a second webpage but it doesn't; it just sits in a kind of 404 with URL wwww.bicevida.cl https://acceso.bicevida.cl/pls/orasso/orasso.wwsso_app_admin.ls_login and this one

Both webpages are whitelisted in Fortiguard AND our firewall (300c).
12 REPLIES
Adrian_Buckley_FTNT

The best way to figure out what's happening is to run a debug while someone accesses the website:

diab deb url src-addr (enter the source IP)
diag deb app url 255
diag deb en

After that, go to the URL from that src-addr. The debug output will show all the URLs that the FortiGate is filtering: what is being allowed and what is being blocked. Maybe there's a direct or some kind of sub-page being accessed that is getting denied, but the block page isn't showing up due to the nature of the page that was blocked.
DasFX
New Contributor

diab deb url src-addr
FG300C3913600481 # diab deb url src-addr 192.168.2.238
Unknown action 0
rwpatterson
Valued Contributor III

diag mistype

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
DasFX
New Contributor

I'm sorry for not catching the typo, it was so obvious.

Connected
FG300C3913600481 # diag deb url src-addr 192.168.2.238
FG300C3913600481 # diag deb app url 255
FG300C3913600481 # diag deb en
FG300C3913600481 #
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226182, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225960, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/WSEnvioClaveV2/faces/ingreso.jspx?"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/Login2.0-Autoenrolamiento/faces/Login.jspx?"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226179, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/wp-content/themes/bicevida/login.php"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226180, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/contacto"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226183, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/productos-slide"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=app.bicevida.cl:80, id=225961, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/Login2.0-Autoenrolamiento/servletcaptcha"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226193, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.eot?"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226195, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.woff"
Url matches local rating
msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: d=www.bicevida.cl:80, id=226196, vfname='root', vfid=0, profile='strict', type=0, client=192.168.2.238, url_source=1, url="/wp-content/themes/bicevida/library/fonts/glyphicons-halflings-regular.ttf"
Url matches local rating

When I click "Login button" on www.bicevida.cl the log doesn't show anything extra; my logs are only from when the webpage loads for the first time, and there is no problem on the first page. The problem is when I try to log in.
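Added example, not part of any post in this thread: a small Python parser for debug output in the format shown above, which tallies requests per destination and lists expected destinations that never reached the URL filter. The `EXPECTED` list and the assumption that the post-login page would show up as `acceso.bicevida.cl:443` are illustrative; the sample records are constructed from the trace's shape.

```python
import re
from collections import Counter

# One record of `diag deb app url` output as posted in the thread.
REQ = re.compile(
    r"\bd=(?P<host>[^:,\s]+):(?P<port>\d+),.*?profile='(?P<profile>[^']*)'"
    r".*?client=(?P<client>[\d.]+),.*?url=\"(?P<url>[^\"]*)\""
)

def parse(text):
    """Extract requests and the verdict text that follows each one.

    Works on line-per-record captures and on pastes where the forum
    software has run every record together on one line.
    """
    matches = list(REQ.finditer(text))
    events = []
    for m, nxt in zip(matches, matches[1:] + [None]):
        tail = text[m.end(): nxt.start() if nxt else len(text)]
        verdict = tail.split("msg=")[0].strip() or None
        events.append({**m.groupdict(), "port": int(m["port"]), "verdict": verdict})
    return events

def coverage(events, expected):
    """Count requests per (host, port); list expected pairs never seen."""
    seen = Counter((e["host"], e["port"]) for e in events)
    return seen, [hp for hp in expected if hp not in seen]

# Constructed sample: three records in the shape of the thread's trace.
_FMT = ('msg="received a request /tmp/.proxyworker000_0_0.url.socket, addr_len=38: '
        "d={h}:{p}, id={i}, vfname='root', vfid=0, profile='strict', type=0, "
        'client=192.168.2.238, url_source=1, url="{u}"\nUrl matches local rating\n')
SAMPLE = "".join(_FMT.format(h=h, p=p, i=i, u=u) for h, p, i, u in [
    ("www.bicevida.cl", 80, 226182, "/"),
    ("app.bicevida.cl", 80, 225961, "/Login2.0-Autoenrolamiento/faces/Login.jspx?"),
    ("www.bicevida.cl", 80, 226179, "/wp-content/themes/bicevida/login.php"),
])

# Assumption: the post-login page is requested over HTTPS, so it would
# appear in the trace as acceso.bicevida.cl:443.
EXPECTED = [("www.bicevida.cl", 80), ("acceso.bicevida.cl", 443)]

if __name__ == "__main__":
    seen, missing = coverage(parse(SAMPLE), EXPECTED)
    for (host, port), n in sorted(seen.items()):
        print(f"{host}:{port}  {n} request(s)")
    for host, port in missing:
        print(f"never seen by the URL filter: {host}:{port}")
```

A destination reported as never seen produced no rating request from that client while the debug was running, so the policy and the other security profiles are the next places to look.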
AtiT
Valued Contributor

Hi, if you receive some kind of 404 page it means that the page does not exist on the server. It is not a webfilter problem. The webfilter will pass the connection or block it, and you will see the webfilter blocking page.

AtiT
DasFX
New Contributor

It isn't a 404, it just says "Internet Explorer cannot display the Webpage" but in Spanish. I still don't know what kind of Fortigate filter is acting on this site. The web EXISTS. Unrestricted IPs can access (LOG IN) without problems.
netmin
Contributor II

Just a quick question: do your policies allow the 'restricted' group accessing the site using https protocol (443)?
AtiT
Valued Contributor

Checking the logs should help. If there is nothing in the logs then try to switch off the Security Profiles one by one and see when the webpage is allowed. In this way you can find what profile blocked it.

AtiT
DasFX
New Contributor

They Have access to HTTPS with SSL Inspection.