- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- HTTPS Timeout but http can access
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HTTPS Timeout but http can access
Hi,
I'm new to this Fortigate Firewall. I have an issue regarding Firewall 500D which user can access url by using HTTP but HTTPS cannot access. The page shown was not Fortigate Blocking page but it says The Site Can't Be Reached. My firewall firmware version is v5.2.10,build742 (GA). I'm new here so any more specific detail, I try to provide.
Thank You
P/S: sorry for my bad english
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Qs:
Have you use a 3rd party to confirm HTTPS is working on that site? Do you have a policy allowing the webclient to the HTTPS website? Do you have any diag debug flow showing the traffic matching and if any SNAT if applicable? Are you 100% sure the client is not mis-configure or has some proxy configuration left over that's not warrant
i would start with a cli-cmd diag debug flow and filter and follow the evidence, but you have to start some diagnostic and collections
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The website can be access from different network using the https url. Can be access from smartphone. The policy from firewall allow https. All https website can be access but only this website can't be access using https. All of the users can't access the https url. The log traffic from the website as the https action become timeout but http can be access.
This is the diag debug flow I have execute.
vtag->sip[0] 8328bbd2, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 37062, vtag->mtu 1500, vtag->flags 2, vtag->np6_index 192"
id=20085 trace_id=140 func=print_pkt_detail line=4478 msg="vd-root received a packet(proto=6, 10.10.25.60:50834->23.15.10.87:54448) from port9. flag, seq 3396418449, ack 0, win 8192"
id=20085 trace_id=140 func=init_ip_session_common line=4631 msg="allocate a new session-003291b1"
id=20085 trace_id=140 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-210.187.40.190 via port11"
id=20085 trace_id=140 func=fw_forward_handler line=686 msg="Allowed by Policy-202: SNAT"
id=20085 trace_id=140 func=__ip_session_run_tuple line=2597 msg="SNAT 10.10.25.60->210.187.40.131:50834"
id=20085 trace_id=140 func=np6_hif_nturbo_build_vtag line=791 msg="np6_hif_nturbo_build_vtag: vtag->magic d153beef, vtag->coretag 133, vtag->vid 0
vtag->sip[0] 8328bbd2, vtag->sip[1] 0, vtag->sip[2] 0, vtag->sip[3] 0
vtag->sport 37574, vtag->mtu 1500, vtag->flags 2, vtag->np6_index 192"
id=20085 trace_id=141 func=print_pkt_detail line=4478 msg="vd-root received a packet(proto=6, 10.10.25.60:50832->23.15.10.87:54448) from port9. flag, seq 2322171440, ack 0, win 8192"
id=20085 trace_id=141 func=resolve_ip_tuple_fast line=4541 msg="Find an existing session, id-0032919f, original direction"
id=20085 trace_id=141 func=__ip_session_run_tuple line=2597 msg="SNAT 10.10.25.60->210.187.40.131:50832"
id=20085 trace_id=141 func=np6_hif_nturbo_build_vtag line=791 msg="np6_hif_nturbo_build_vtag: vtag->magic d153beef, vtag->coretag 133, vtag->vid 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In addition to Emnoc's questions, we would definitely need more information about this.
1) Is it just a single or multiple HTTPS sites that you have this symptom with?
2) Does the problem occur with multiple browsers?
3) Have you identified the policy that matches the traffic towards the HTTPS sites? If yes, by right-clicking it you should jump straight to its relevant logs so you can share them with us.
4) Have you configured SSL Inspection on that policy?
5) The users affected. Do they all belong to the same group, subnet, vlan etc or not?
6) Is this a new issue? If yes, have there been any changes on your FGT at all lately?
Thanks.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+,
MTA Security, ITIL v3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I think you use web filter and some categories are blocked. I have same issue with my fortigate. If url is not allow you have an https error and if you try to continue you received a message of fortigate with the reason.
Related Posts
- access problems towards vpn s2s 149 Views
- Fortigates with PPPoE WAN suddenly need... 210 Views
- To redirect/rewrite website root URL to... 161 Views
- ZTNA not working. Help please. 256 Views
- SSO on Self-Service Portal FortiAuthenticator 125 Views
Labels
-
FortiGate
6,507 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
71 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiAuthenticator
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.