My setup is a Fortigate 200D (proxy mode). Everything works fine except that it won't load a certain website I've found:

1. DNS can resolve the domain name into an IP.
2. Debug flow: the traffic was allowed and forwarded.
3. execute ping: unreachable
4. execute traceroute: unreachable
5. Sniffer: only ACK forwarded, no reply from the server.
6. On the logs, there are "send bytes" but no "received bytes."
7. Created a testing policy with no security profile enabled: doesn't work.
8. Bypassing the firewall connection, connected a laptop directly to the router: the site loaded normally.

I've tried reaching out to TAC assistance, but it seems like my device here is not covered for their support. This issue is quite mysterious to me, as I've tried everything I know so far. Is there anything I've missed, or any resolution you guys would like to suggest? Thank you and Merry Christmas, guys.
Hello Salon09,
The KB below might help you. Please create a policy for this site in which you try different MSS values. I would start with 1000, then, if it works, adjust it accordingly:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Please let me know if it helps.
Regards,
> there are "send bytes" but no "received bytes."

Are you applying NAT?
Check in the log whether the source IP has been NATed, and the NAT IP.
It seems there is no route back to the firewall from the router.
Copyright 2024 Fortinet, Inc. All Rights Reserved.