Gents
Good evening, and thanks already if you've got the time to help me out. Not sure if this is in the right thread, but:
Got an internal Active Directory domain named mydomain.com (yes, I know, not very clever). Long story short, bought a B200 to satisfy bandwidth management and content management; it works like a charm with AD integration, but now I have a small issue.
My company web site is hosted externally with a suffix that equals my internal domain; I have to point my internal DNS servers to the external www.mydomain.com IP address.
If I use any ISP link external to my LAN I can open the web site (e.g. a 3G network), but on my LAN I just get a timeout. Although I can resolve the name to the correct IP address internally, the page does not open.
Is there a security measure within Fortinet causing this situation? What is it? And can you help me to fix it?
I say this because if I take Fortinet out of the equation and put the old Cisco ASA online, all works fine.
Regards
Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the FortiGate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.
[strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation. [/strike] The dnstranslation option may be something you could use as a workaround.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave Hall wrote: Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the FortiGate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.
[strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation. [/strike] The dnstranslation option may be something you could use as a workaround.
[attachImg]https://forum.fortinet.com/download.axd?file=0;115871&where=message&f=DNStranslation.gif[/attachImg]
Dave
Thank you very much, will give it a try this evening and will keep the thread updated.
Regards
Rui
Dave Hall wrote: Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the FortiGate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.
[strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation. [/strike] The dnstranslation option may be something you could use as a workaround.
[attachImg]https://forum.fortinet.com/download.axd?file=0;115871&where=message&f=DNStranslation.gif[/attachImg]
Thanks Dave
It was the Look Up rating.
Cheers