Created on ‎08-08-2024 05:11 AM Edited on ‎08-08-2024 05:46 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Webpage not open "TCP reset from client"
Dear Concern,
I am visiting a website, but the page is not opening. In the forward logs, I see 'TCP reset from client' under 'action', and sometimes it shows 'accept'. The webpage says 'refused to connect'. How can resolve. I have FortiGate 201F firewall and firmware version is 7.0.10
If I check from another network, the webpage opens properly.
can anyone help me to resolve the issue
Solved! Go to Solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can exempt that website by following this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can collect the packet capture on the client machine and on the FortiGate simultaneously. Ensure that the FortiGate policy is in flow-based mode, and also disable the Windows Firewall on the client machine.
Also, can you confirm are you using certificate or deep inspection in fortigate policy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mirza_Asad2723,
Is there any security profile enabled on FortiGate? Can you try directly connected to FortiGate and see if the website loaded?
Regards,
Minh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mirza_Asad2723,
Only one website not working? You mentioned that it works from another network, is that network behind the FortiGate? 7.0.10 is not up to date. I suggest upgrading to 7.0.15 or 7.2.8. Please also disable all security profiles in the firewall policy to see if it helps.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First of all thanks for your response & interest. I have troubleshoot my self as well. I diagnosed that
When I disabled the Web Filter in the IPv4 policy, the webpage opened successfully. Furthermore, I checked the category of the webpage in the 'Security Profile' under 'Web Rating Override' and found it categorized as 'General Interest - Personal' with a sub-category of 'Education.'
Due to security reasons, I cannot disable the Web Filter in the IPv4 Policy. So, please advise on how I can keep the Web Filter enabled and still allow access to this webpage.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can exempt that website by following this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In addition to exempt the website, if you continue to face the issue; then share the screenshots from a packet capture using wireshark while trying to reproduce the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Mirza_Asad2723 ,
You can also refer this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the website works without the webfilter, it is most likely getting blocked, as previously mentioned, try setting up a filter to exempt this website from being checked.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Concern,
I followed that shared link (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
but the web page still not opening.
the website is "https://www.hub.icap.org.pk:8010/sap/bc/ui5_ui5/sap/zcrmicap/index.html?sap-client=500#"
similarly i have tried multiple settings, but the the page not open.
![](/skins/images/314F488D15A2016126B094729A0E57E8/responsive_peak/images/icon_anonymous_message.png)