Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mirza_Asad2723
New Contributor II

Webpage not open "TCP reset from client"

Dear Concern,

 

I am visiting a website, but the page is not opening. In the forward logs, I see 'TCP reset from client' under 'action', and sometimes it shows 'accept'. The webpage says 'refused to connect'. How can resolve. I have FortiGate 201F firewall and firmware version is 7.0.10

 

If I check from another network, the webpage opens properly.

 

can anyone help me to resolve the issue

1 Solution
16 REPLIES 16
kumarh
Staff
Staff

You can collect the packet capture on the client machine and on the FortiGate simultaneously. Ensure that the FortiGate policy is in flow-based mode, and also disable the Windows Firewall on the client machine.
Also, can you confirm are you using certificate or deep inspection in fortigate policy?

mle2802
Staff
Staff

Hi @Mirza_Asad2723,

Is there any security profile enabled on FortiGate? Can you try directly connected to FortiGate and see if the website loaded? 

Regards,
Minh

hbac
Staff
Staff

Hi @Mirza_Asad2723,

 

Only one website not working? You mentioned that it works from another network, is that network behind the FortiGate? 7.0.10 is not up to date. I suggest upgrading to 7.0.15 or 7.2.8. Please also disable all security profiles in the firewall policy to see if it helps. 

 

Regards, 

Mirza_Asad2723
New Contributor II

Dear @mle2802 @hbac @kumarh 

 

First of all thanks for your response & interest. I have troubleshoot my self as well. I diagnosed that

When I disabled the Web Filter in the IPv4 policy, the webpage opened successfully. Furthermore, I checked the category of the webpage in the 'Security Profile' under 'Web Rating Override' and found it categorized as 'General Interest - Personal' with a sub-category of 'Education.'

Due to security reasons, I cannot disable the Web Filter in the IPv4 Policy. So, please advise on how I can keep the Web Filter enabled and still allow access to this webpage.

hbac
Umer221
Staff
Staff

@Mirza_Asad2723 

In addition to exempt the website, if you continue to face the issue; then share the screenshots from a packet capture using wireshark while trying to reproduce the issue.

avneesh_
Staff
Staff

If the website works without the webfilter, it is most likely getting blocked, as previously mentioned, try setting up a filter to exempt this website from being checked.

Mirza_Asad2723
New Contributor II

Dear Concern,

 

I followed that shared link (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...

 

but the web page still not opening. 

 

the website is "https://www.hub.icap.org.pk:8010/sap/bc/ui5_ui5/sap/zcrmicap/index.html?sap-client=500#"

 

 

Capture.JPG

 

similarly i have tried multiple settings, but the the page not open.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors