Not applicable

Long delays in connections through firewall

Hi all,

We have an FGT-60B which has suddenly started playing up. Firmware version is 3.00-b0668 (MR6 patch 2). We use it for our general internet access and also for traffic to our hosted web site.

Within the last 2 weeks, we've been experiencing long delays (average around 30 seconds) when trying to browse to internet sites. Sometimes the site will come up after the delay and then be OK, sometimes it will load the page very slowly, sometimes you'd get an error saying the page could not be displayed. On our hosted site, customers have been reporting the same problems.

I've traced the problem to communications across the firewall's zones, by doing the following testing: accessing our web server by its internal IP address (INT-->DMZ interface) and also by its public URL (the IP of which is on the WAN2 interface that is then routed to the DMZ interface, so I assume INT>WAN2>DMZ). The DMZ-only connection is absolutely fine, but when browsing to the site using the public IP it is very slow. I assume that our general internet problems (internal-->WAN1) are caused by a similar interface-interface problem.

We have limited reporting on the firewall, the memory and CPU usage is within tolerable limits, and really I don't know what to do to troubleshoot this. I have of course rebooted the firewall and this has had no effect.

Can anyone suggest what this might be or suggest some things to try?

Thanks,
Andy
rwpatterson
Valued Contributor III

My 'out-of-the-box' question... Why not update the firmware to a newer patched version? Your version is kind of dated...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Thanks Bob, I was wondering when someone was going to suggest that! Yes, it's an out of date firmware, but that doesn't explain how all of a sudden it appears overloaded, does it? Unless there's a fix specific to this problem in a newer firmware, I don't see how upgrading is going to help me. And if there was a specific problem, I'm sure I would have found evidence of it by now, but nobody (by that I mean Google) seems to know what this scanunitd is. If it was a known problem, there would be history available for me to find.

Andy.
Not applicable

Ooh, I just found this: "AV definition blocking firewall". That was also posted today and refers to the same AV definition we have. So, how do I manually download the AV definition?

Andy
rwpatterson
Valued Contributor III

Go to the support web site. After login, on the left, one of the options should be to get A/V signatures.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Great, I have now applied the AV file. I killed scanunitd and it came back immediately as I would expect, and the CPU usage is still into the 90's. I don't have to reboot after a manual update, do I?

Andy.
rwpatterson
Valued Contributor III

I don't believe a reboot is necessary....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

OK, well, I've had some response from Fortinet and they confirm a crashing AV scanner. I have now upgraded firmware to 3.0 MR7 patch 8, updated AV and IPS signatures and the problem is still there. I'm waiting for the Fortinet engineer to log in and look at it. I shall report back with any news, at least to help anyone looking at this thread in future.

Andy.
Jshaw
New Contributor

Run this command to see what is crashing, "diag debug crashlog read", and post the results.
Not applicable

Hi all, I am having the same problem when surfing some websites! I tried to disable the web filtering or remove any protection profile from my policy, and it is still like that! But some websites can open, some cannot! I tried to reboot the FG 310B but it is still the same! After that I tried to execute this command (diag test application dnsproxy 1) in my FortiGate command line and then rebooted it! After that it was back to normal! The websites I could not open, I can open now! A few hours later it happened again! Why? Help please!

I tried to bypass the FortiGate and plug directly into my service provider's modem from my laptop, and all websites browse normally! No issue happens! But when I plugged back into my FortiGate it happened again. Why? The thing I am curious about is that it happened on my 2 310B units in the same area, the same week, the same problem, but in different buildings! Trying to bypass the FortiGate and go direct to the ISP, there is no issue at all! Help, guys!

jason
Troy_Sorzano
New Contributor

Check the DNS settings on both FortiGates. When you plug directly into the ISP, make sure you use the same DNS servers. Or you might want to try 4.2.2.2 for DNS as a test.

Troy