- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Cannot to reach port 443 only from some connectivi...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cannot to reach port 443 only from some connectivity
Hello
We have a "strange" problem with an FG-40F
From some connections (ISP) port 443 is not reachable while from others it works regularly.
When try to open the port you are asked to accept the insecure ssl certificate, but then the browser "stalls" loading endlessly.
The firewall has a dedicated and direct fixed IP provided by the connectivity provider.
The very strange thing is that on some the connectivity works normally while on others it presents this symptom.
Any suggestions?
Thank you
Labels:
- Labels:
-
FortiGate
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello DType,
I think the problem with the endless loading might be caused by MTU. I suggest to try lower it to like 1399 and try again to connect.
In my country, some ISPs have problem like this and we are forced to lower MTU in order to connect.
==============================
Not all those who wander are lost
==============================
Not all those who wander are lost
==============================
==============================Not all those who wander are
lost==============================
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @DType,
Are you using port 443 to access the FortiGate itself? If so, do you have trusted hosts configured under admin account? Please also check the TLS protocol it is using. https://community.fortinet.com/t5/FortiGate/Technical-Tip-System-administrator-best-practices/ta-p/1...
You can also try a different browser and clear browser's cache as well.
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Dtype
### 1. **Check Firewall Rules:**
Ensure that the firewall rules on the FortiGate are correctly configured to allow traffic on port 443 from all IPs. There might be a rule that is blocking traffic from certain IP ranges or ISPs.
### 2. **Inspect SSL/TLS Settings:**
Check the SSL/TLS settings on the FortiGate for any misconfigurations. Ensure that the correct SSL certificate is being presented and that it is not expired. Also, check if the SSL/TLS protocol versions supported by the FortiGate are also supported by the clients trying to connect.
### 3. **Check ISP Routing:**
It’s possible that the issue might be related to the routing on the ISP's end. Some ISPs might have routing issues or peering problems that could cause certain ports to be unreachable. Try reaching out to the ISPs in question to check if they are experiencing any issues.
### 4. **Review Logs:**
Review the logs on the FortiGate firewall to see if there are any error messages or warnings related to connections on port 443. The logs might provide more information on why the connections are being blocked or stalled.
### 5. **Test with Different Browsers/Clients:**
If possible, test the connectivity with different browsers and clients to see if the issue persists. This can help determine if the problem is specific to a certain browser or client configuration.
### 6. **Update Firmware:**
Ensure that the FortiGate firewall is running the latest firmware version. Firmware updates often include fixes for known issues and might resolve the connectivity problem.
### 7. **Contact Fortinet Support:**
If you are unable to resolve the issue with the above steps, consider reaching out to Fortinet Support for further assistance.
Remember to make any changes carefully and to back up your configurations before making changes to the firewall settings.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @DType,
What is the flow of the network and the destination for this 443? Are you trying to access GUI of the FortiGate or what is the connection for? Please also run the following commands when try to connect:
diag debug reset
diag debug flow filter addr X.X.X.X (destination IP)
diag debug flow filter port 443
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999
Regards,
Minh
Related Posts
- STATIC Public IP /32 103 Views
- How packets find their way back... 120 Views
- fortigate ipsec s2s VPN with starlink... 371 Views
- Unable to connect to JPIX's V6... 197 Views
- FortiNAC not responding to PA connections 318 Views
Labels
-
FortiGate
6,608 -
FortiClient
1,318 -
5.2
801 -
5.4
639 -
FortiManager
572 -
FortiAnalyzer
417 -
6.0
416 -
5.6
362 -
FortiSwitch
339 -
FortiAP
337 -
FortiClient EMS
269 -
6.2
251 -
FortiMail
248 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
152 -
6.4
128 -
FortiNAC
108 -
FortiGuard
103 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
73 -
FortiToken
72 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
63 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
26 -
SD-WAN
26 -
FortiConnect
24 -
High Availability
22 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiPortal
18 -
FortiAuthenticator
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.