Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Car SMBv1 Application Server Issues
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Car SMBv1 Application Server Issues
Dear Guys,
I need your suggestions related to the weird issue on a Fortigate Firewall which is related to an SMBv2 Application.
As the Fortigate FW, Client and the Server lie in a single network and also I would say in a single subnet. Fortigate is running in a NAT-mode, also I have created a Virtual Wire Pair with the two interfaces whereas port15 is connected to a to Client and port 16 which is connected to a L3 Switch(MPLS Provider) where the Application Server resides.
Its a sort of a Car Application, that check the employees and revert the daily results of the working hours. However, with Fortiagte once I have login the application and trying to access through the Client it doesn't show anything only reverts with a blank page.
I have been stuck in this issue for 2 weeks. Even though I have been in contact with FortiTAC Support but they said Fortigate is working fine and there is a problem with the Application seems to be something on it after seeing the Packet Capture.
Whenever I tried to bypass the Fortigate the Application works and shows me the Output.
Note:
I have created a bidirectional Policy but nothing works.
I have tried to increase the session-ttl timeout, set tcp-timeout rst, set tcp-mss-receiver and sender on the Policy, set the MTU on the Router interface. Though the Client and Server send the RST Packets.
Changed the DNS of the FGT to the Internal DNS nothing happened. Though tried every possibility but nothing worked at all.
The firmware version of the Firewall is 6.0.10 as TAC Support recommends me to do that.
UTM Profiles are also disabled on the Policy and also on the Feature Visibility.
Any help would be appreciated.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
- What do you mean by "blank page" ? When you try click on f12 on browser and then enter the application page, what response do you see there ?
Or do you mean it keeps loading and nothing happened?
- Does you application only uses SMBv2 and no other ports ? or you only suspect the problem is with SMBv2 ?
- You upgraded to 6.0.10 to see if this resolves the issue ? or you were all the time at 6.0.10 and never upgraded ?
- Did it happen to work with some other firewall other than fortigate ? or you never tried that , and only bypassed the fortigate ?
- Is it possible for you to post the output of:
diag debug reset
diag debug disable
diag debug flow filter <application destination ip>
diag debug flow trace start 1000
diag debug enable
After finishing disable the debug : diag debug disable
Thanks
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you say SMB. What traffic are you actually expecting to transit this ? I am hoping this isn't a firewall to the internet too and the app server isn't on the internet?? SMBv1 is deprecated everywhere and is highly insecure. Do you really mean SMBv2 perhaps?
Agree on diag debug to get info on whats going on.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes exactly the server isn’t on the Internet I have seen on the packet captures the application supposed to use SMBv2 but the customer said to me that the application uses SMBv1. The expected result would be the output of the working hours. It’s quite strange that the whole application works smoothly on the printer part of the application wouldn’t working as expected.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So before 6.0.9 it worked properly with FortiGate? Or all the issue starts after installing FortiGate? Also, I'm not sure if this is related to your issue, but if application is using SMBv1, Then it worth checking with Fortinet TAC this:
414081 SMB1 support has been by default disabled under part models.Which released at v5.6.6 and 6.0.2 https://fortinetweb.s3.am....0.2-release-notes.pdf https://pub.kb.fortinet.c....6.6-release-notes.pdf
Thanks
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually, it never works on Fortigate whether it’s the 6.0.9 or 6.0.10 firmware version was concerned. Thank you for the information but that information is related to the SSL VPN as far as I know. I have read it already.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've came across situations were things didn't work after replacing firewall but most of them are related to MTU / TCP MSS issues .. But this should be shown in pcap which you already have done as you mentioned ..
Thanks
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes but I have changed the MTU on the firewall and also on the interface and policy too. I have tried the Jumbo frame packets too but things wouldn’t work as expected.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes it keeps loading on and on and didn’t give me back the desired Output. The application uses port 445, 2003 port in which I have seen on the logs and that is Server Reset and Client Reset. Well issue starts with the 6.0.9 firmware and by the recommendation of TAC Support I have upgraded the firmware version to 6.0.10. I have bypassed the FW and it works as expected. In addition to this all of the application works perfectly only the printer part of the working hours showing a blank page with FGT. Fortinet TAC and I have captured a lot of packets seems like fortigate working properly and seems like an issue with an application layer after seeing the pcap files. But that’s not the reason as the application works with another old firewall like Microsoft ISA.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Issues Mapping Azure Files Storage After... 48 Views
- Migrating FortiClient EMS from v7.2.x to... 226 Views
- Fortigate DeepInspection - quic not working 603 Views
- Remove auto save feature on the... 203 Views
- issue sending backup to ftp server 243 Views
Labels
-
FortiGate
8,525 -
FortiClient
1,724 -
5.2
801 -
FortiManager
716 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
191 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
SSO
31 -
Interface
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1665 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.