Hello team!!!
We manage many FortiGates in different sites and recently upgraded all to 7.4.3.
After this, we have problems accessing some FortiGates through some WAN interfaces.
For example, I can access through wan2 but not through wan1, or in other cases, I can't access from wan1 nor wan2. The issue started after upgrading the firmware version to 7.4.3.
The issue is that the page remains loading and won't load; it keeps trying to access, but after some seconds the browser shows me that the page cannot be displayed.
We use the same port to access the FortiGates, different from the default 9443
* We tried to change the port but the issue persists
* We disabled and re-enabled https in each interface, with the same issue
* SSH works well in any interface
* We cannot connect to Fortigate with telnet, using the same port.
Any idea?
Thanks in advance.
Regards,
Damián
Hi @damianhlozano,
If you are using SDWAN, it matches this bug. Please refer to https://docs.fortinet.com/document/fortigate/7.4.3/fortios-release-notes/236526/known-issues
961796 | When administrator GUI access (HTTPS) is enabled on SD-WAN member interfaces, the GUI may not be accessible on the SD-WAN interface due to incorrect routing of the response packet. Workaround: access the GUI using another internal interface that is not part of an SD-WAN link.
Regards,
Hi,
- When you are connecting via HTTPS, check if the firewall is receiving the packets. You can use sniffer commands to verify if the packets are coming to the firewall. If packets are reaching it, check whether they are reaching the correct interface and whether the firewall is sending the response correctly.
- You can also check if there is any local-in policy which could block the communication.
Regards,
Shiva
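The check suggested above (does the reply leave on the interface the request arrived on?), which is also the symptom known issue 961796 describes, as an added example that is not part of any post in this thread. The sample lines, addresses, port 10443 and function name are constructed, and the line layout is assumed to match verbosity-4 output of `diagnose sniffer packet any 'tcp port <admin-port>' 4`.

```python
import re

# Constructed sample in the assumed layout of verbosity-4 sniffer output
# (timestamp, interface, direction, src -> dst: flags). Addresses use
# documentation ranges; 10443 is a placeholder admin port.
SAMPLE = """\
1.002113 wan2 in 203.0.113.10.51514 -> 198.51.100.2.10443: syn 1868263014
1.002190 wan2 out 198.51.100.2.10443 -> 203.0.113.10.51514: syn 402148932 ack 1868263015
4.310077 wan1 in 203.0.113.10.51620 -> 192.0.2.2.10443: syn 2209145001
4.310151 wan2 out 192.0.2.2.10443 -> 203.0.113.10.51620: syn 771203344 ack 2209145002
7.550412 wan1 in 203.0.113.10.51733 -> 192.0.2.2.10443: syn 3011450912
"""

LINE = re.compile(
    r"^\S+ (?P<ifc>\S+) (?P<dir>in|out) (?P<src>\S+) -> (?P<dst>\S+): (?P<flags>.*)$"
)

def check_admin_replies(capture, admin_port):
    """Map each inbound SYN to admin_port to a verdict on its SYN-ACK."""
    syn_in, synack_out = {}, {}
    suffix = f".{admin_port}"
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["flags"].startswith("syn"):
            continue  # only handshake packets matter for this check
        is_synack = " ack " in f" {m['flags']} "
        if m["dir"] == "in" and not is_synack and m["dst"].endswith(suffix):
            syn_in[(m["src"], m["dst"])] = m["ifc"]
        elif m["dir"] == "out" and is_synack and m["src"].endswith(suffix):
            # Key the reply by (client, firewall) so it lines up with the SYN.
            synack_out[(m["dst"], m["src"])] = m["ifc"]
    results = {}
    for flow, in_ifc in syn_in.items():
        out_ifc = synack_out.get(flow)
        if out_ifc is None:
            results[flow] = f"no SYN-ACK seen (SYN arrived on {in_ifc})"
        elif out_ifc != in_ifc:
            results[flow] = f"asymmetric: in {in_ifc}, reply out {out_ifc}"
        else:
            results[flow] = f"ok: in and out on {in_ifc}"
    return results

if __name__ == "__main__":
    for (client, fw), verdict in check_admin_replies(SAMPLE, 10443).items():
        print(f"{client} -> {fw}: {verdict}")
```

An "asymmetric" verdict means the SYN-ACK left on a different interface than the SYN arrived on, so the browser never completes the handshake even though the firewall received the request.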
Hi!
I did a debug and I see the packets, I could not find any error in the output.
Local-in policies were not changed, but anyway I checked this and did not find any problem with this.
This seems to be the bug that hbac mentioned.
Thanks anyway!
Regards,
Damián
Thanks hbac,
It seems this is the problem. We have SD-WAN with all WAN interfaces in almost all FortiGates.
I hope some future version could solve the issue.
Regards,
Damián
A factory reset is, in my mind, the best way to clear the configuration and retake access to the device. But the interface IP would be 192.168.1.99 after that https://vidmate.onl/ .
Too much work!!
I think I will wait for a new firmware release that solves the issue.
Thanks!!
Regards,
Damián
NOTE: This also happened with a WAN that is not a member of an SD-WAN.
Maybe the bug is not only with SD-WAN members, but this is a bug for sure, because the issue started after upgrading all to 7.4.3.
Copyright 2024 Fortinet, Inc. All Rights Reserved.