Hello
We have a "strange" problem with an FG-40F.
From some connections (ISP) port 443 is not reachable, while from others it works regularly.
When you try to open the port, you are asked to accept the insecure SSL certificate, but then the browser "stalls", loading endlessly.
The firewall has a dedicated and direct fixed IP provided by the connectivity provider.
The very strange thing is that on some the connectivity works normally while on others it presents this symptom.
Any suggestions?
Thank you
Hello DType,
I think the problem with the endless loading might be caused by MTU. I suggest lowering it to something like 1399 and trying to connect again.
In my country, some ISPs have problems like this and we are forced to lower the MTU in order to connect.
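One way to test the MTU suggestion above from an affected connection before changing the firewall (an added example, not part of the original thread): binary-search the largest ICMP echo that gets through with Don't Fragment set. It assumes Linux iputils `ping` (`-M do`) and a target that answers ICMP; the function names are hypothetical.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """One ICMP echo with Don't Fragment set. Assumes Linux iputils ping."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(probe, low=548, high=1472):
    """Largest IPv4 packet size that passes unfragmented, or None.

    probe(payload) -> bool reports whether a DF echo of that payload got a
    reply. None means even the smallest probe failed (ICMP filtered or host
    down), so no conclusion about MTU can be drawn.
    """
    if not probe(low):
        return None
    if probe(high):
        return high + IP_ICMP_OVERHEAD
    # Invariant: probe(low) succeeds, probe(high) fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low + IP_ICMP_OVERHEAD


def diagnose(path_mtu, interface_mtu=1500):
    """Turn the measurement into a short verdict for the ticket."""
    if path_mtu is None:
        return "inconclusive: no reply to DF probes (ICMP filtered?)"
    if path_mtu < interface_mtu:
        return f"path MTU {path_mtu} < interface MTU {interface_mtu}: lower MTU/MSS"
    return f"path MTU {path_mtu}: no reduction seen on this path"


if __name__ == "__main__":
    target = sys.argv[1]  # public IP of the firewall, supplied by the operator
    print(diagnose(find_path_mtu(lambda size: ping_df(target, size))))
```

Run it from both a working and a failing ISP connection and compare the two verdicts.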
Hi @DType,
Are you using port 443 to access the FortiGate itself? If so, do you have trusted hosts configured under the admin account? Please also check the TLS protocol it is using. https://community.fortinet.com/t5/FortiGate/Technical-Tip-System-administrator-best-practices/ta-p/1...
You can also try a different browser and clear the browser's cache as well.
Regards,
Hello DType,
### 1. **Check Firewall Rules:**
Ensure that the firewall rules on the FortiGate are correctly configured to allow traffic on port 443 from all IPs. There might be a rule that is blocking traffic from certain IP ranges or ISPs.
### 2. **Inspect SSL/TLS Settings:**
Check the SSL/TLS settings on the FortiGate for any misconfigurations. Ensure that the correct SSL certificate is being presented and that it is not expired. Also, check if the SSL/TLS protocol versions supported by the FortiGate are also supported by the clients trying to connect.
### 3. **Check ISP Routing:**
It’s possible that the issue might be related to the routing on the ISP's end. Some ISPs might have routing issues or peering problems that could cause certain ports to be unreachable. Try reaching out to the ISPs in question to check if they are experiencing any issues.
### 4. **Review Logs:**
Review the logs on the FortiGate firewall to see if there are any error messages or warnings related to connections on port 443. The logs might provide more information on why the connections are being blocked or stalled.
### 5. **Test with Different Browsers/Clients:**
If possible, test the connectivity with different browsers and clients to see if the issue persists. This can help determine if the problem is specific to a certain browser or client configuration.
### 6. **Update Firmware:**
Ensure that the FortiGate firewall is running the latest firmware version. Firmware updates often include fixes for known issues and might resolve the connectivity problem.
### 7. **Contact Fortinet Support:**
If you are unable to resolve the issue with the above steps, consider reaching out to Fortinet Support for further assistance.
Remember to make any changes carefully and to back up your configurations before making changes to the firewall settings.
Hi @DType,
What is the flow of the network and the destination for this 443? Are you trying to access the GUI of the FortiGate, or what is the connection for? Please also run the following commands when you try to connect:
```
diag debug reset
diag debug flow filter addr X.X.X.X (destination IP)
diag debug flow filter port 443
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999
```
Regards,
Minh