Hi,
I have multiple VLANs that are working just fine. The last one I created cannot access some Microsoft websites and the username field on iCloud.com won't show up, for example. I tried to redo the VLAN multiple times to see where I f*d-up. I cloned the rules from another VLAN that is working fine. I created a rule allowing Microsoft365 Internet services and portal.office.com finally loads, but there are other glitches and you can see a lag when the page loads.
Any help will be appreciated.
Thank you
Edit: even with web filtering disabled, iCloud won't work
Edit2: FortiGate 601E v7.2.8
Edit3: The problem is with the interface, not the VLAN
Hello,
You may consider using the browser developer tools. They will help to identify which URL fails (status column) or is slow (time column):
Firefox: application menu > more tools > web developer tools > network
Chrome: customize and control google chrome > more tools > developer tools > network
In case there is UTM configured, you may consider disabling UTM for testing purposes.
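Added example, not part of the original reply: one way to triage a HAR file exported from the browser's network tab, grouping requests by host and flagging the failed (status column) and slow (time column) ones. The function name, the 2000 ms threshold and the sample entries are assumptions constructed here.

```python
import json
import sys
from collections import defaultdict
from urllib.parse import urlsplit

SLOW_MS = 2000  # assumed threshold for "slow"; tune to taste


def triage_har(har, slow_ms=SLOW_MS):
    """Return {host: {"total", "failed", "slow"}} for hosts with problems."""
    hosts = defaultdict(lambda: {"total": 0, "failed": [], "slow": []})
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        host = urlsplit(url).hostname or "?"
        status = entry["response"]["status"]
        elapsed = entry.get("time") or 0  # total request time in ms
        rec = hosts[host]
        rec["total"] += 1
        # Status 0 means no HTTP response was recorded (reset, timeout, blocked).
        if status == 0 or status >= 400:
            rec["failed"].append((status, url))
        elif elapsed >= slow_ms:
            rec["slow"].append((round(elapsed), url))
    return {h: r for h, r in hosts.items() if r["failed"] or r["slow"]}


def _entry(url, status, ms):
    return {"request": {"url": url}, "response": {"status": status}, "time": ms}


# Constructed sample, not captured traffic; example.net hosts are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    _entry("https://portal.office.com/", 200, 3500),
    _entry("https://icloud.com/", 200, 180),
    _entry("https://static.example.net/app.js", 0, 30000),
    _entry("https://static.example.net/style.css", 200, 120),
    _entry("https://auth.example.net/login", 403, 90),
]}}

if __name__ == "__main__":
    # Pass a HAR path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            har = json.load(fh)
    else:
        har = SAMPLE_HAR
    for host, rec in sorted(triage_har(har).items()):
        print(f"{host}: {len(rec['failed'])} failed, {len(rec['slow'])} slow, "
              f"{rec['total']} total")
        for detail in rec["failed"] + rec["slow"]:
            print("   ", *detail)
```

Comparing the flagged hosts from a working VLAN and the failing one shows whether the problem follows specific destinations or every large response.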
Thank you for the quick response.
What should I do next? Even with web filter disabled or with URL filter exceptions it won't work.
What do you mean by "disable UTM"?
Hello @CBInfo,
Concerning disabling UTM, navigate to the firewall policy that is handling the traffic and proceed to edit the policy. Identify the Security Profiles that are enabled and toggle them off 1 by 1 for testing to see at any point if the issue is resolved. Please make sure to back up the config before such changes as well.
Kind Regards,
Thank you Quint021. I already tried that. With the web filter turned off, portal.microsoft.com is accessible with a lag but icloud.com is still the same.
Hello @CBInfo,
For the particular VLAN in question, do you have any type of traffic shaping associated with that interface? In addition, what DNS servers are in use for the VLAN? If internal then you can try testing with public servers.
Kind Regards,
No shaping that I can see. The interface is set up like the other LAN interfaces. It is internal DNS like the other LAN interfaces. DNS and DHCP are on a Windows server.
Hello,
I would recommend checking the browser developer tool output (icloud.com), sniffing the traffic (icloud.com) and checking for anomalies.
Hi and thank you to all of you who took the time to help me. I changed interface this morning and everything works fine. I still don't know why it's not working on the other interface...
Hi @CBInfo,
On the problematic policy, you can try to reduce tcp-mss values by running the following commands and test:
config firewall policy
    edit <policy id>
        set tcp-mss-sender 1300
        set tcp-mss-receiver 1300
end
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.