Hello everybody,
We have branch offices in Europe (Austria, Germany, Serbia).
Since today, all locations have a problem with network connectivity.
We are getting this error message when we are using our internal DNS servers:
"Web Page Blocked" or ERR_CERT_AUTHORITY_INVALID
I was in a call with Fortinet support for probably 4 hours but still we didn't find a solution.
It probably has something to do with the European time change over the weekend.
All our traffic is being redirected to the FortiGuard SDNS servers, in this case to 208.91.112.55
Our DNS servers can't resolve anything; everything is being resolved to the exact IP address: 208.91.112.55
We also created a new policy without any UTM profiles but it's still the same.
They think that it is some Fortinet internal problem and I'm waiting for them to give me an update.
Has anybody else had similar issues?
When we change the DNS settings on client machines to 8.8.8.8, browsing works.
All locations have their own DNS servers.
Hello Infotech22,
Are the internal DNS servers pointing to FortiGuard servers? You could try changing the forwarders to 8.8.8.8 and then, on the FortiGate, restarting the following daemons:
diagnose test app urlfilter 99
diagnose test application dnsproxy 99
Created on 04-01-2024 08:29 AM Edited on 04-01-2024 08:29 AM
Hello Anthony,
Yes, they already tried that solution.
Currently in the Network > DNS we have "Use FortiGuard Servers" configured.
They already tried with statically configuring 8.8.8.8 but the problem was the same.
"96.45.45.45" and "96.45.45.45" are being used dynamically for FortiGuard.
Port for FortiGuard is set to 443 HTTPS. When testing the connectivity everything is okay.
Hello,
We just experienced the same issue with a client. Turns out it was the connectivity with FortiGuard servers that was the cause.
Check "diagnose debug rating": if you have only one IPv6, then disable the FortiGuard Anycast as a workaround: "set fortiguard-anycast disable"
So far I don't know why it started failing in anycast without any reason.
Hello @SupportA,
The problem is resolved on our end. It's really confusing to be honest.
At the 3 locations that we have, the problem was resolved in 3 different ways.
At the first location it was done by a restart, at the second location by changing the port and FortiGuard forwards, and at the third location it resolved by itself.
So I don't know what to say about it.
I think I understand the problem.
We also have the same problem in France and Spain following the time change in Europe this weekend.
The problem seems to be solved after restarting the FortiGate.
But also, without restarting the FortiGate, by switching to "restrict to" "EU only" in "Update server location".
We encountered similar issues with various firewalls in Switzerland and other European countries, seemingly triggered by the transition from standard time to daylight saving time. There are several workarounds available; all of them can be implemented and subsequently reverted back to their default settings while continuing to function correctly. These solutions include switching to anycast, altering the global DNS settings, or opting for EU-only configurations.
Additionally, despite our inquiries, Fortinet has not yet acknowledged in the ticket that the issue is related to the transition to daylight saving time, stating they have no other customers experiencing the same problem.
Copyright 2024 Fortinet, Inc. All Rights Reserved.