Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
The_Nude_Deer
Contributor

Fortiweb not forwarding to single back end server.

Really simple set up. I have a VIP which is just the interface (PORT 3) and I have a policy, that uses the VIP and a server pool of 1 backend web server, which is on the same VLAN, (one arm deployment I believe its called) this server is up and listening on port 80, the FWEB does nothing with it, so I must of missed something simple?
I do a capture, and can see the client come in, targeting port 8080. I see the 3-way handshake, but nothing get sent to the backend webserver?
I can ping the web server and do a telnettest on port 80 and it comes back "connected" really struggling to see whats wrong, back end server pool is all correct and listening on port 80
any silly mistakes I may have made?
1 Solution
The_Nude_Deer
Contributor

Issue us resolved, thanks for your time, default Mgmt port is 8080, the same port used for Proxy listening! i changed this in settings to 8081 to free up 8080 to be used as the HTTP listener, the back end wasnt recieving traffic, as it was MGMT traffic! bit daft why it would use 8080 as the default HTTP for manangement!

View solution in original post

12 REPLIES 12
AEK
SuperUser
SuperUser

Enable traffic logs on the policy and redo the test. Then share what you see on both traffic log and attack log.

AEK
AEK
The_Nude_Deer

Fairly new to these. where is the logging for the policy? If I goto Policy > Server Policy and edit my policy, there is no option to enable traffic logs? EDIT : FOUND THE SETTING, looking at X-FORWARDED FOR setting too, these seem important?

AEK

AEK
The_Nude_Deer

All of this is enabled, I don't see anything at all in the traffic log, which is kind of impossible! 

AEK

Which FWB version are you using? I'd first fix the log issue otherwise troubleshooting will be almost impossible.

What do you see on the client's browser when you try?

AEK
AEK
The_Nude_Deer

Fortiweb-VM 7.22, Build 0344

Client sees "timeout - xxxxxx taking too long to respond

 

Traffic Log is Enabled.

 

 

AEK

Then I'd start by updating to 7.2.7 which is the most stable of 7.2 versions. I've already seen log related issues (and other issues) in low patch versions.

AEK
AEK
The_Nude_Deer

We get the GET request on port 8080 on the VIP, then the next line on the capture is: status code 302, http 1.1 302 found (text/html)

 

it never send it to the back end.

AEK

302 = redirection.

It seems there is a redirection from your back end web server to another URL.

AEK
AEK
Labels
Top Kudoed Authors