I have a Fortigate 200F and I can't load some websites. These are specific web pages and the number keeps increasing as I find new web pages.
I have turned everything off and I still cannot load these web pages.
Can you help me with this?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @idepato ,
You might want to check this: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-pages-not-loading-or-taking-too-...
I've tried changing the MTU and other things and it still doesn't work. For example, fortinet.com doesn't work for me either. It's both interesting and strange
Hello @idepato ,
I faced a similar issue before. When I changed the mss value on the rule, the problem was solved. Can you try to change the mss value to 1350 or lower?
If it does not work for you, you can try to change the MTU value of the wan interface.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Thank you, but It's still not working. It's very interesting and I don't know what to do with it. I've tried everything possible, but the site still doesn't work. It used to work for me, but one day it just stopped working. I've also tried calling the provider in question who owns the site in question, because it's the government and they won't block me. From them, the packets get to us, but it doesn't get to them. Also the fortinet.com site is not working and neither is the forigate documentation.
@idepato , can you please provide the below debug & sniffer output, taking one problematic destination?
diag debug reset
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow show iprope enable
diag debug flow filter addr x.x.x.x <<< replace x.x.x.x with destination ip of the communication.
diag debug flow trace start 10000
diag debug enable
Putty2 :
diag sniffer packet any “host x.x.x.x” 6 0 l <<<<< replace x.x.x.x with destination ip of the communication.
After running the commands please initiate the traffic to website and once the access is blocked /disconnected.
Please stop the debug using the below command
dia de dis
I have everything turned off, only through fortinet does not work given communication to certain sites.
Hi @idepato ,
Can you PING the sites?
Can you traceroute the sites?
Check reachability from your Fortigate and client machines first. If they are reachable, run the command shared by pkumari.
regards,
also please check the logs, what does it says in the forward logs?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.