Hi all,
Briefly:
FG-90E, Explicit Proxy, Authentication rules.
Windows10 machine moved from HQ to remote office doesn't have Internet.
The long story:
We are replacing an old router and old proxy with a FortiGate-90E. This is done in 2 stages - replacing the router and replacing the proxy. The 1st stage is done. Now we have configured Explicit proxy on the FG and are done with the rules (office365 here), so we are at the test phase where changing the local PC proxy address should work. Explicit proxy works with authentication rules & ActiveDirectory. All is OK for HQ.
For the remote there are some old WindowsXP computers - working fine. One server had "IE enhanced security configuration", but after removing it it was working.
We thought we were done, but when one Windows10 machine was moved to the remote site there is no Internet.
Authentication is OK.
Windows firewall is off.
There's ping from W10 to FG and vice versa.
There are syn packets coming on FG interface and synack packets sending to the W10 machine, but the browser (Edge) says "waiting to connect to proxy" or something like that.
Let's say it again, this machine was working OK in the HQ. The WinXPs are working. (but they are scheduled for replacing with win10 :( )
I'm pretty sure there is something very simple in win10 conf that must be done, but don't know what.
I'm attaching basic topology.
Anyone?
Any idea, even stupid?
Is the problem win10 only? (Have you tried other OSes or other devices: android, macosx?)
Are the DNS settings correct?
Have you run diag debug flow cmds? If yes, what are the responses?
PCNSE
NSE
StrongSwan
Thank you, emnoc.
For the other OSes we don't have many resources for testing as there's no wifi there (it's a remote production site). As I mentioned before, Windows Server 2012 is working, bar the IE enh. config.
For the DNS, it should be OK, all machines get their settings via DHCP and WinXPs are working. Also the Win10 is getting IP in the correct network.
Unfortunately the admin responsible (and with credentials) is ill. I'll revive the topic after 2-3 days when he gets better.
Hi all.
Problem solved, but unfortunately we don't know how. The power supply of one of the PIXes died and the ISP replaced the PIX, probably with a slightly different configuration, and now everything works fine.
So despite the ISP's words "we don't filter or change anything", it was a tunnel problem.
I'm thinking fragmentation issue.