Fortiweb not forwarding to single back end server.

The_Nude_Deer · ‎02-11-2024

Really simple set up. I have a VIP which is just the interface (PORT 3) and I have a policy, that uses the VIP and a server pool of 1 backend web server, which is on the same VLAN, (one arm deployment I believe its called) this server is up and listening on port 80, the FWEB does nothing with it, so I must of missed something simple?

I do a capture, and can see the client come in, targeting port 8080. I see the 3-way handshake, but nothing get sent to the backend webserver?

I can ping the web server and do a telnettest on port 80 and it comes back "connected" really struggling to see whats wrong, back end server pool is all correct and listening on port 80

any silly mistakes I may have made?

The_Nude_Deer · ‎02-20-2024

Issue us resolved, thanks for your time, default Mgmt port is 8080, the same port used for Proxy listening! i changed this in settings to 8081 to free up 8080 to be used as the HTTP listener, the back end wasnt recieving traffic, as it was MGMT traffic! bit daft why it would use 8080 as the default HTTP for manangement!

View solution in original post

AEK · ‎02-11-2024

Enable traffic logs on the policy and redo the test. Then share what you see on both traffic log and attack log.

AEK

The_Nude_Deer · ‎02-11-2024

Fairly new to these. where is the logging for the policy? If I goto Policy > Server Policy and edit my policy, there is no option to enable traffic logs? EDIT : FOUND THE SETTING, looking at X-FORWARDED FOR setting too, these seem important?

AEK · ‎02-11-2024

Here it is:

https://community.fortinet.com/t5/FortiWeb/Technical-Tip-How-to-enable-traffic-logs-for-version-7-0-...

AEK

The_Nude_Deer · ‎02-12-2024

All of this is enabled, I don't see anything at all in the traffic log, which is kind of impossible!

AEK · ‎02-12-2024

Which FWB version are you using? I'd first fix the log issue otherwise troubleshooting will be almost impossible.

What do you see on the client's browser when you try?

AEK

The_Nude_Deer · ‎02-12-2024

Fortiweb-VM 7.22, Build 0344

Client sees "timeout - xxxxxx taking too long to respond"

Traffic Log is Enabled.

AEK · ‎02-12-2024

Then I'd start by updating to 7.2.7 which is the most stable of 7.2 versions. I've already seen log related issues (and other issues) in low patch versions.

AEK

The_Nude_Deer · ‎02-13-2024

We get the GET request on port 8080 on the VIP, then the next line on the capture is: status code 302, http 1.1 302 found (text/html)

it never send it to the back end.

AEK · ‎02-13-2024

302 = redirection.

It seems there is a redirection from your back end web server to another URL.

AEK

Fortiweb not forwarding to single back end server.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website