
Long delays in connections through firewall

Hi all,

We have a FGT-60B which has suddenly started playing up. Firmware version is 3.00-b0668 (MR6 patch 2). We use it for our general internet access and also for traffic to our hosted web site.

Within the last 2 weeks, we've been experiencing long delays (average around 30 seconds) when trying to browse to internet sites. Sometimes the site will come up after the delay and then be OK, sometimes it will load the page very slowly, sometimes you'd get an error saying the page could not be displayed. On our hosted site, customers have been reporting the same problems.

I've traced the problem to communications across the firewall's zones by doing the following testing: accessing our web server by its internal IP address (INT-->DMZ interface) and also by its public URL (the IP of which is on the WAN2 interface that is then routed to the DMZ interface, so I assume INT>WAN2>DMZ). The DMZ-only connection is absolutely fine, but when browsing to the site using the public IP it is very slow. I assume that our general internet problems (internal-->WAN1) are caused by a similar interface-interface problem.

We have limited reporting on the firewall, the memory and CPU usage is within tolerable limits, and really I don't know what to do to troubleshoot this. I have of course rebooted the firewall and this has had no effect. Can anyone suggest what this might be or suggest some things to try?

Thanks
Andy

Hi Bro, thanks for the suggestion! Which DNS is 4.2.2.2? Previously our FortiGate pointed to our local DNS server, with the secondary pointing to the ISP DNS server! When I plug in directly, I'm using the ISP DNS server for both! jason
Troy_Sorzano

Whenever we need to test DNS we use 4.2.2.2 because it is easy to remember. It helps prove whether a DNS problem is with your local DNS or ISP DNS. In your case you can set the FortiGate's DNS to use only your ISP's DNS to take your internal DNS out of the loop. If that does not help, try 4.2.2.2 for both. Here is info about the Level 3 DNS servers 4.2.2.[1-6]: http://www.tummy.com/Community/Articles/famous-dns-server/ I am not saying DNS is your problem, but it is worth ruling out. Troy

Hi Troy, we already changed the DNS setting to 4.2.2.2 or another public DNS address; still the same! On the client side we also pointed the primary and secondary DNS to public servers, and the same issue remains! After that we tried upgrading the firmware from 4.0.3 to 4.0.4, which was also no use! Since the problem could not be solved, we tried replacing it with another unit, a FortiGate 300 (my old unit), and applied the current settings and policy; everything is working fine like before! What happened to our FortiGate 310B?? jason

Hi, I'm the OP on this thread and I'm reporting back on the solution to our problem. The delays we were experiencing were caused by a crashing scanunit daemon (process scanunitd) within the firewall. The crashes were being caused by the 'banned word check' that we had against our SMTP protection profile. The checks were old, but I'm told that the scanunit had been updated and wasn't compatible with the checks! Once we turned off the banned word check, the crashing went away. I have enabled some other checks which were turned off (IP check and URL check), which so far have kept our spam level constant. It was a long wait between us originally reporting the problem to Fortinet and getting it fixed, the service is extreeeeeeemely slow, but we got there in the end. Andy.
Daniel_Herbon

AndyCole, quick question. How did you track it down to the "Banned Word Check"?
cmberry

Good to see you got it fixed. I am seeing a lot of similar "page not found" / "page could not be displayed" errors. Refreshing fixes it, but it is very annoying and I believe it is also causing a lot of downloads to fail part way through.
Quick question. How did you track it down to the "Banned Word Check"?
I would like to know too. My open ticket seems to be taking a LONG time for tech to get to.... I want to see if I can prove / disprove the same problem as you had.

Hi guys, my 310B FortiGate, at 0% CPU usage and 25% memory usage, is also having delays and is slow when loading pages; sometimes you'd get an error saying the page could not be displayed. Firmware version is v4.0.3,build0106,090616. AV Definitions 11.00648 (Updated 2010-04-03). It happened at 2 of my customers in the same area but in different buildings and with different ISPs, for the same model, this week! jason