Hey guys,
Weird, my missus got a new ipad mini, and cant access the appstore through the fortigate. I can access it fine through the fortigate with my iphone.
I checked the logs related to her ipad and found that it looks like an MTU issue.
36.650701 192.168.1.114.65257 -> 8.8.8.8.53: udp 34
37.084957 8.8.8.8.53 -> 192.168.1.114.65257: udp 124
37.140830 192.168.1.114.63613 -> 23.59.2.217.443: syn 2666517093
37.903641 23.59.2.217.443 -> 192.168.1.114.63613: syn 556071130 ack 2666517094
37.960975 192.168.1.114.63613 -> 23.59.2.217.443: ack 556071131
37.966981 192.168.1.114.63613 -> 23.59.2.217.443: psh 2666517094 ack 556071131
38.240893 arp who-has 192.168.1.114 tell 192.168.1.99
38.368469 arp reply 192.168.1.114 is-at 40:b3:95:a3:dd:af
38.774807 23.59.2.217.443 -> 192.168.1.114.63613: ack 2666517291
38.776038 23.59.2.217.443 -> 192.168.1.114.63613: 556071131 ack 2666517291
38.777021 23.59.2.217.443 -> 192.168.1.114.63613: 556072571 ack 2666517291
38.777699 23.59.2.217.443 -> 192.168.1.114.63613: psh 556074011 ack 2666517291
38.881436 192.168.1.114.63613 -> 23.59.2.217.443: ack 556074011
38.882716 192.168.1.114.63613 -> 23.59.2.217.443: ack 556075227
39.736411 23.59.2.217.443 -> 192.168.1.114.63613: 556075227 ack 2666517291
39.736569 23.59.2.217.443 -> 192.168.1.114.63613: psh 556076667 ack 2666517291
39.801913 192.168.1.114.63613 -> 23.59.2.217.443: ack 556076850
39.853415 192.168.1.114.63613 -> 23.59.2.217.443: psh 2666517291 ack 556076850
39.854624 192.168.1.114.63613 -> 23.59.2.217.443: psh 2666517558 ack 556076850
39.855877 192.168.1.114.63613 -> 23.59.2.217.443: psh 2666517564 ack 556076850
40.777677 23.59.2.217.443 -> 192.168.1.114.63613: ack 2666517633
40.777937 23.59.2.217.443 -> 192.168.1.114.63613: psh 556076850 ack 2666517633
40.826090 192.168.1.114.63613 -> 23.59.2.217.443: ack 556076925
40.828120 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076925
40.828336 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
40.829646 192.168.1.114.63613 -> 23.59.2.217.443: psh 2666519081 ack 556076925
41.498315 23.59.2.217.443 -> 192.168.1.114.63613: ack 2666517633
41.645186 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076925
41.645402 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
43.847457 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076925
43.847681 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
48.597583 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076925
48.597810 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
51.592591 192.168.1.114.5353 -> 224.0.0.251.5353: udp 161
57.131017 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076925
57.131245 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
58.780606 23.59.2.217.443 -> 192.168.1.114.63613: psh 556076925 ack 2666517633
58.780711 23.59.2.217.443 -> 192.168.1.114.63613: fin 556076978 ack 2666517633
58.849678 192.168.1.114.63613 -> 23.59.2.217.443: ack 556076978
58.851434 192.168.1.114.63613 -> 23.59.2.217.443: 2666517633 ack 556076978
58.851653 192.168.1.99 -> 192.168.1.114: icmp: 23.59.2.217 unreachable - need to frag (mtu 1492)
61.963262 23.59.2.217.443 -> 192.168.1.114.63613: fin 556076978 ack 2666517633
62.022305 192.168.1.114.63613 -> 23.59.2.217.443: psh fin 2666519110 ack 556076978
63.072465 23.59.2.217.443 -> 192.168.1.114.63613: rst 556076978
Any ideas what I can do that might fix this?
Cheers,
Ed