MCGURUPRO
New Contributor

FORTINET - B200 - Cannot access hosted company site externally

Gents

Good evening, and thanks already if you've got the time to help me out. Not sure if this is in the right thread, but:

Got an internal Active Directory domain named mydomain.com (yes, I know, not very clever). Long story short, bought a B200 to satisfy bandwidth management and content management. It works like a charm with AD integration, but now I have a small issue.

My company web site is hosted externally with a suffix that equals my internal domain; I have to point my internal DNS servers to the external www.mydomain.com IP address.

If I use any ISP link external to my LAN I can open the web site (e.g. a 3G network), but on my LAN I just get a timeout. Although I can resolve the name to the correct IP address internally, the page does not open.

Is there a security measure within Fortinet causing this situation? What is it? And can you help me to fix it?

I say this because if I take Fortinet out of the equation and put the old Cisco ASA online, all works fine.

Regards

1 Solution
Dave_Hall
Honored Contributor

Edit: I think I misread the problem; it sounds more like a UTM/content filter blocking problem. If you do have web filtering enabled on the Fortigate, you can check via "Security Profiles->Web Filter->Ratings Overrides->Create New", enter the FQDN or URL of your company's website and click "Lookup rating". If the site is not rated or is rated under a "banned" category, you can always re-classify it under an allowed category.

[strike]The DHCP server (that is handing out IPs) for the local network should also be handing out a "local domain" label, so the local DNS server can perform a proper lookup/translation.[/strike] The dnstranslation option may be something you could use as a workaround.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

MCGURUPRO

Dave

Thank you very much, will give it a try this evening and will keep the thread updated.

Regards

Rui

MCGURUPRO

Thanks Dave

It was the Look Up rating.

Cheers
