Hello Team,
When the client tries to reach a specific URL, "http://fqdn:9999", in the log I see that the FQDN is resolved to the IP 208.91.112.55 (Fortinet block page).
If I try to ping the FQDN from the FortiGate CLI, the IP that is resolved is correct, but from the client it is 208.91.112.55.
Any suggestion?
Thanks for the support.
I once had a customer experience issues like this, and it ended up being his DNS server. It was failing to resolve hostnames, so it would redirect to the DNS block page. Then his DNS server was caching that address and causing all sorts of issues.
Hi,
Please run the commands below to check where the traffic is going and which policy it matches.
# diagnose sniffer packet any "host x.x.x.x and host y.y.y.y" 4 0 l
*** x.x.x.x is the Source IP address and y.y.y.y is the destination IP ***
ctrl+C to stop
PuTTY session 2
-------
# diag debug reset
# diagnose debug flow filter addr x.x.x.x -->Source IP address
# diagnose debug flow filter addr y.y.y.y -->Destination IP address
# diag debug console timestamp enable
# diag debug flow trace start 9999
# diag debug enable
*** x.x.x.x is the Source IP address and y.y.y.y is the destination IP ***
*** Run for 5-10 minutes ***
# diagnose debug disable
# diag debug reset
Best regards,
Erlin
The policy that matches is the correct policy.
Thanks
Hi @luca1994,
You have a DNS filter enabled, and that website is being blocked by the DNS filter. You can exempt it by using a domain filter: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Static-DNS-filter-to-allow-block-DNS-queri...
Regards,
Hello @hbac,
Thank you for the feedback. In the policy, DNS filtering is not enabled. In the log section I see that it is application control that blocks it.
Thanks for the support
BR
Hi @omega332 ,
In this case the client's DNS server is a Windows Server DNS, so in your opinion the problem is the cache of this DNS server?
Thanks
BR
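The thread's open question is which hop is handing the client the block-page address: the FortiGate resolves the name correctly from its own CLI, while the client's Windows DNS server may be caching 208.91.112.55. Querying each server directly, rather than through the client's stub resolver, shows which one answers with the block-page IP and for how long (the TTL) that answer will stay cached. The script below is an added example, not code from this thread or from Fortinet: a minimal standard-library DNS-over-UDP client for A records plus a small comparison. The server addresses and the FQDN in the `__main__` section are placeholders (an assumption) to replace with the client's Windows DNS server, the FortiGate's own DNS service and an upstream resolver; the sample reply in `constructed_block_page_reply` is constructed, not captured traffic.

```python
"""Ask several DNS servers directly for one name and flag any answer that is
the block-page address from the thread.  Added example, not from the thread or
from Fortinet: a minimal stdlib DNS-over-UDP client for A records, so each
server is queried directly, bypassing the client's stub resolver cache."""
import random
import socket
import struct

BLOCK_PAGE_IP = "208.91.112.55"   # address the client resolved to in the thread

def build_query(name: str, qid: int = -1) -> bytes:
    """Build a recursive A/IN query for `name` in RFC 1035 wire format."""
    if qid < 0:
        qid = random.randint(0, 0xFFFF)          # unpredictable transaction id
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                     for lab in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)        # QTYPE=A, QCLASS=IN

def _read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                # compression pointer
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end

def parse_a_records(msg: bytes) -> tuple[int, list[tuple[str, int]]]:
    """Return (rcode, [(ipv4, ttl), ...]) from the answer section of a reply."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                     # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4                              # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        _, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            records.append((socket.inet_ntoa(msg[offset:offset + 4]), ttl))
        offset += rdlen
    return flags & 0x000F, records

def query(server: str, name: str, timeout: float = 3.0) -> tuple[int, list[tuple[str, int]]]:
    """Send one query to `server` on UDP/53 and parse the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(q, (server, 53))
        data, _ = sock.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("reply transaction id does not match the query")
    return parse_a_records(data)

def classify(answers: dict[str, list[tuple[str, int]]]) -> dict[str, str]:
    """Label each server's answer 'block-page', 'empty' or 'ok'."""
    return {
        server: ("empty" if not records
                 else "block-page" if any(ip == BLOCK_PAGE_IP for ip, _ttl in records)
                 else "ok")
        for server, records in answers.items()
    }

def constructed_block_page_reply(qid: int = 0x1234) -> bytes:
    """Constructed sample reply (not captured traffic): one A record for
    fqdn.example.com -> block page, TTL 3600 s, name compressed via 0xC00C."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = b"\x04fqdn\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton(BLOCK_PAGE_IP)
    return header + question + answer

if __name__ == "__main__":
    # Placeholders (assumption): the client's Windows DNS server, the FortiGate's
    # own DNS service and an upstream resolver.  Replace before use.
    servers = {"windows-dns": "192.0.2.10", "fortigate": "192.0.2.1", "upstream": "9.9.9.9"}
    answers = {}
    for label, ip in servers.items():
        try:
            answers[label] = query(ip, "fqdn.example.com")[1]   # TTL shows how long it stays cached
        except OSError as exc:
            print(f"{label}: query failed: {exc}")
    print(classify(answers))
```

If the Windows DNS server comes back as `block-page` while the FortiGate and the upstream resolver answer `ok`, the cached answer on the Windows server is the culprit and will persist until its TTL expires or the cache is cleared; if the FortiGate itself answers with the block-page address, the redirect is happening on the FortiGate (DNS filter or, as the log suggests here, an application control action) rather than in the client's DNS cache.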
Copyright 2024 Fortinet, Inc. All Rights Reserved.