Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
teddyb
New Contributor II

Created on ‎07-15-2025 06:16 AM

Intermittent connection problems from iPhones

Hello,

 

We're running a pair of FortiGate 121G (v7.2.11 build1740) in active/standby mode, acting as a gateway/DNS and DHCP server for the wireless guest users.


The Security Policy along with the DNS Filter policy is very generous with literally nothing blocked.

 

There are absolutely no issues with any laptop (Windows or Mac) and Android phones/tablets, but I have consistent issues coming from iPhones. It takes some time to load any page and sometimes it works fine and sometimes it just times out. Reloading the page seems to help.

 

I initially blamed Private Relay, but turning it off doesn't seem to help, and there is nothing in my policy that could affect it. Everything is under DHCP and it's the same SSID for all devices.

 

Would greatly appreciate any tips since I can't find any errors in the logs, nor traces that some web resources are blocked.

 

Thanks.

Labels:
380
0 Kudos
1 Solution
teddyb
New Contributor II

Created on ‎07-18-2025 04:31 AM

It appeared to be a mix of QUIC and Private Relay issues.  

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-iCloud-Private-Relay-from-byp... seemed to help.

View solution in original post

263
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎07-15-2025 08:23 AM

Hi Teddy

First thing is to enable all logs in the related rules and in the implicit deny rules as well, reproduce the issue and see if you get any relevant logs.

AEK
AEK
355
0 Kudos
teddyb
New Contributor II
In response to AEK

Created on ‎07-15-2025 08:46 AM

Hi @AEK , thanks for you reply!

I log everything and so far couldn't find anything that was blocked, however, I think I noticed that it might have to do with the DNS resolution.

There is a ping utility installed on my iPhone, and when it happens, I can ping 8.8.8.8 without any issues, however, no URLs could be pinged (cannot resolve).

 

DHCP is configured on the Fortigate, and the DNS for DHCP clients is set to be the internal IP of the gateway itself.  Looking at the DNS I noticed that one of them is unreachable -- could that be an issue? But then why no other devices are affected?

 

Capture.PNG

347
0 Kudos
AEK
SuperUser
SuperUser
In response to teddyb

Created on ‎07-15-2025 09:40 AM

Hi Teddy

I don't know if iPhone has a special way to use DNS, but all I know is if your iPhone can't do DNS resolution then it can't use the network.

AEK
AEK
332
0 Kudos
teddyb
New Contributor II

Created on ‎07-18-2025 04:31 AM

It appeared to be a mix of QUIC and Private Relay issues.  

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-iCloud-Private-Relay-from-byp... seemed to help.

264
hokilno2
New Contributor

Created on ‎07-18-2025 07:21 AM

I switched over from android to iPhone in part because my Galaxy S3 was an incredible phone - but I would constantly run into some wifi issues. At my workplace it would never renew its lease properly. As soon as I got my 6s all those problems went away and it just worked properly.

10.0.0.0.1 192.168.1.254
10.0.0.0.1 192.168.1.254
246
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.