I can't load some websites via FortiGate
I have a FortiGate 200F and I can't load some websites. These are specific web pages and the number keeps increasing as I find new web pages.
I have turned everything off and I still cannot load these web pages.
Can you help me with this?
Hi @idepato ,
You might want to check this: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-pages-not-loading-or-taking-too-...
APAC TAC
I've tried changing the MTU and other things and it still doesn't work. For example, fortinet.com doesn't work for me either. It's both interesting and strange.
Hello @idepato ,
I faced a similar issue before. When I changed the mss value on the rule, the problem was solved. Can you try to change the mss value to 1350 or lower?
If it does not work for you, you can try to change the MTU value of the wan interface.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
NSE 4-5-6-7 OT Sec - ENT FW
Thank you, but it's still not working. It's very interesting and I don't know what to do with it. I've tried everything possible, but the site still doesn't work. It used to work for me, but one day it just stopped working. I've also tried calling the provider in question who owns the site in question, because it's the government and they won't block me. From them, the packets get to us, but it doesn't get to them. Also the fortinet.com site is not working and neither is the FortiGate documentation.
@idepato , can you please provide the debug and sniffer output below, taking one problematic destination?
diag debug reset
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow show iprope enable
diag debug flow filter addr x.x.x.x <<< replace x.x.x.x with the destination IP of the communication.
diag debug flow trace start 10000
diag debug enable
Putty2:
diag sniffer packet any "host x.x.x.x" 6 0 l <<< replace x.x.x.x with the destination IP of the communication.
After running the commands, please initiate the traffic to the website, and once the access is blocked/disconnected, please stop the debug using the command below:
dia de dis
I have everything turned off; it is only through Fortinet that communication to certain sites does not work.
Hi @idepato ,
Can you PING the sites?
Can you traceroute the sites?
Check reachability from your FortiGate and client machines first. If they are reachable, run the command shared by pkumari.
Regards,
Also, please check the logs. What does it say in the forward logs?
