- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Some https website can' t be accessed...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some https website can' t be accessed...
Hi,
Since last day afternoon, it' s so strange that some staff cannot access to the https website like the e-banking, webmail via https...etc. This case is happened since last afternoon, the one would keep failed to access to the same https website if he found it' s failed since last afternoon, but some other https websites are working properly~ Even the same https website he can' t be accessed to, other staff may able to access.... so it' s not talking about the issues of the https website... I have no idea now... even both of the DNS server and FG are rebooted, the result is the same~
Anyone could help and give some direction? Thanks!! 
Protect yourself~ http://www.secunia.com
MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perhaps a clue in this:
http://support.fortinet.com/forum/tm.asp?m=56138&p=1&tmode=1&smode=1
Would be interesting if these are related.
Bill
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Not applicable
Created on 11-25-2009 01:19 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My problem disappeared. What about yours?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well... it' s a different story~
Finally found that the e-banking https websites cannot be accessed due to the old IE version... it works now after upgrade the IE6 to IE7... (maybe the bank increased the security level or changed something in the same time?)
However, some other https websites are still need to wait for a long long time... most of them are self-signed cert. (i.e. the yahoo mail https url is OK)... may still need some time to monitor the status~~~
On the other hand, I may need to upgrade the firmware version from v402 b099 to the lastest one... as the apps control for the IM is crashed.... no login could be found anymore and even no control...
Protect yourself~ http://www.secunia.com
MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Not applicable
Created on 11-25-2009 05:25 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nothing to do with the bank changing their settings....
We' ve started to use our 310b for web filtering including ssl inspection and have no end of issues. Sites that were previously accessible via our old proxy no longer work through the FGT using IE6. Go via proxy and all works. Go via FGT and it doesn' t. Like you say though, an upgrade to IE7 seems to fix most sites.
What do we do with SSL sites still not working though? Allowing the sites using local ratings doesnt work, adding them as exempt in the URL filter doesnt work. Logs all say allowed/except but still just ' page cannot be displayed' . Nothing in the logs saying anything blocked either.
The only workaround i' ve got is to use an fqdn alias for each site and a seperate policy allowing the traffic. Hardly ideal with loads of sites blocked and having to add a policy for every single host that we need to access (which can be many per domain in some cases)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Under ' Advanced' in Internet Options, allow TLS 1.0. Works most of the time. Still a pain to visit every workstation....
Just got off the the phone with my SE. He had me turn of the proxy scanning in application control and that seemed to kick it. My Fortiguard is still active. I' ll have to see what other implications arise...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh..... yes! Thanks for your input, rwpatterson ~
It' s really working now once change the setting of the " Proxy - All application" in the Application Control from BLOCK to ALLOW, any SSL urls are now resumed as normal~~~ But anyone knows why the proxy blocking is related to the SSL url ??? Some SSL url is using the http proxy?
Protect yourself~ http://www.secunia.com
MBCS CEH FCNSA
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I went into the application control log, saw Ultrasurf and Freegate getting through. After I blocked Freegate, the problem came back. :( So it seems to be just Freegate that' s causing it. On the phone now with support. Will keep you updated...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad I came across this thead. Within the last 5 days two important banking sites that load via https stopped working for us in our main office where I have a 200A. However those same sites work in our office across the street where I have a 80C.
Google works fine for me but oddly enough microsoft.com will not load.
I' ve also rebooted everything that could possibly be the problem. I even changed out DNS servers to verify it wasn' t a DNS issue. Routers & Switches have also been rebooted. I' ve disabled the WEB protection profile which made no difference.
I guess at this point Im going drop in an old ASA5505 in place of the 200A to verify its the 200A.
200A - v4.0,build0185,091020 (MR1 Patch 1)
80C - v4.0,build0178,090820 (MR1)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, clarification... It seems that the IPS definition delivered on the 21st was the issue. I downgraded to 2.666 and the problem has now been gone for 30 minutes straight. Still monitoring, but if you put in a ticket on this, have them reference my ticket 356455.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortinet Ansible Galaxy 96 Views
- What is the maximum number of... 249 Views
- New to fortigate, how to authorize... 171 Views
- enable 2FA for fortinet support 163 Views
- Blocked Web Site Adress 271 Views
Labels
-
FortiGate
7,188 -
FortiClient
1,419 -
5.2
801 -
5.4
639 -
FortiManager
621 -
FortiAnalyzer
458 -
6.0
416 -
FortiAP
376 -
FortiSwitch
375 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
116 -
IPsec
110 -
SSL-VPN
109 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
FortiSandbox
34 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
LDAP
21 -
FortiConverter
21 -
Certificate
21 -
SAML
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
Routing
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiLink
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
SSL SSH inspection
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
System settings
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1077 | |
| 892 | |
| 529 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.