Systemgeek2
New Contributor

Seeing what the real destination is when connecting to a wildcard proxy

I have Fortigate 7.6.2, FortiManager 7.6.2 and FortiClient EMS 7.4.  

 

We are switching over to ZTNA and I have created a wildcard.example.com proxy for port 443 that most users see.  I have another wildcard.test.com proxy port 443 that is not seen by most people yet I have a few users that have some background process that is trying to access something that matches wildcard.test.com on port 443.  This connection fails and floods the user with ZTNA error 65 popups.

 

The 2 users are running macOS so I got a copy of the logs but I am not seeing the real URL they are trying to access.  Only that they are trying to match the policy for wildcard.test.com proxy port 443 and it's failing.  I see the same thing on the Fortigate.

 

Is there any way I can see what the real URL is they are trying to go to?

Jean-Philippe_P
Moderator

Hello Systemgeek2, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Regards,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Regards,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello again Systemgeek2,

 

I found this solution. Can you tell us if it helps, please?

 

To identify the real URL that users are trying to access, you can follow these steps:

 

  1. Enable Detailed Logging: Ensure that detailed logging is enabled on your FortiGate for ZTNA traffic. This can help capture more information about the traffic, including the requested URLs.

  2. Check FortiGate Logs:
    - Go to **Log & Report > ZTNA Traffic** on your FortiGate.
    - Look for entries related to the users in question. Check if any additional details in the logs might indicate the specific URL or domain being accessed.

  3. Use CLI for Detailed Logs:
    - Use the CLI to filter and display ZTNA logs:
      ```
      execute log filter category 0
      execute log filter field subtype ztna
      execute log display
      ```
    - Review the logs for any additional information that might not be visible in the GUI.

  4. FortiClient EMS Logs: Check the FortiClient EMS logs for any additional details about the connection attempts. Sometimes, the client-side logs can provide more context about the requests being made.

  5. Network Packet Capture: If the above steps do not reveal the URL, consider performing a packet capture on the FortiGate or the user's device to analyze the traffic and identify the specific URL being accessed.

 

By following these steps, you should be able to gather more information about the real URL that is causing the ZTNA error 65 popups.

Regards,

Jean-Philippe - Fortinet Community Team