salon09
New Contributor

Fortigate won't load a certain website.

My setup is a Fortigate 200D (proxy mode). Everything works fine except that it won't load a certain website I've found:

1. DNS can resolve the domain name into an IP.
2. Debug flow: the traffic was allowed and forwarded.
3. execute ping: unreachable.
4. execute traceroute: unreachable.
5. Sniffer: only ACK forwarded, no reply from the server.
6. In the logs, there are "send bytes" but no "received bytes."
7. Created a testing policy with no security profile enabled: doesn't work.
8. Bypassing the firewall connection, connected a laptop directly to the router: the site loaded normally.

I've tried reaching out to TAC assistant, but it seems like my device here is not covered for their support. This issue is quite mysterious to me, as I've tried everything I know so far. Is there anything I've missed, or any resolution you guys would like to suggest? Thank you and Merry Christmas, guys.

https://9apps.ooo/
anikolov
Staff

Hello Salon09,

 

The KB below might help you. Please create a policy for this site in which you will try different MSS values. I would start with 1000, then, if it works, adjust it accordingly:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518

 

Please let me know if it helps.

Regards,

Aleksandar Nikolov
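
The dedicated test policy suggested in this reply could look like the following on the FortiOS CLI. This is an added example, not part of the original reply or the linked KB; the object name, policy name, interface names and the NAT setting are assumptions to adapt to the actual setup.

```fortios
# Added example: FQDN address object for the affected site
# ("mss-test-site" is a hypothetical object name).
config firewall address
    edit "mss-test-site"
        set type fqdn
        set fqdn "9apps.ooo"
    next
end

# Test policy that matches only this destination and clamps the TCP MSS.
# "internal" and "wan1" are assumed interface names; "edit 0" lets the
# FortiGate assign the next free policy ID.
config firewall policy
    edit 0
        set name "mss-test"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "mss-test-site"
        set action accept
        set schedule "always"
        set service "ALL"
        # Assumption: outbound traffic is source-NATed on this interface.
        set nat enable
        # Starting value from the reply; adjust once the site loads.
        set tcp-mss-sender 1000
        set tcp-mss-receiver 1000
    next
end
```

The new policy only takes effect if it is ordered above the general outbound policy that currently matches this traffic. The MSS is rewritten in the SYN exchange, so test with new connections after each change of value.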
Mohamed_Gaber
Contributor

> there are "send bytes" but no "received bytes."

Are you applying NAT?

Check in the log if the source IP has been NATed and NAT IP.

It seems there is no route back to the firewall from the router.

Mohamed Gaber
Cell : +201001615878
E-mail : mohamed.gaber@alkancit.com