Hello,
in our company we have Fortigate 80F (v7.0.13 build0566 (Mature)). I'm new in company and totally newbie in Fortigate (used mikrotik and cisco in previous work).
We found problem that websites which use Cloudflare DNS not working.
Tried this: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-QUIC-Protocol/ta-p/197661
websites still don't work.
Chrome shows me: ERR_QUIC_PROTOCOL_ERROR
If I disable QUIC in Chrome too, it shows me: ERR_NETWORK_ACCESS_DENIED
Edge: ERR_QUIC_PROTOCOL_ERROR
Will be very thankful for your help.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
You may consider to sniff traffic towards the server in CLI "diagnose sniffer packet any 'host <destination IP address>' 6 0 a" or GUI (https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Packet-Capture-on-FortiOS-GUI/ta-p/1...). It will help to verify whether TCP and TLS sessions are established successfully.
Created on 03-20-2024 03:29 AM Edited on 03-20-2024 03:32 AM
Hello abarushka, thank you for your reply.
I tried sniff in console but seems it doesn't work fine.
$ diagnose sniffer packet any 'www.qr.io'
interfaces=[any]
filters=[www.qr.io]
pcap_compile: can't parse filter expression: syntax error
$ diagnose sniffer packet any 'host qr.io'
interfaces=[any]
filters=[host qr.io]
pcap_compile: unknown host 'qr.io'
Hello,
It is necessary to specify IP address as a filter instead of the hostname (i.e. "diagnose sniffer packet any 'host 188.114.97.3' 6 0").
Created on 03-20-2024 03:35 AM Edited on 03-20-2024 03:35 AM
Hello,
diagnose sniffer packet any 'host 188.114.97.3' 6 0
No permission for this admin to read any data
Command fail. Return code -37
So I contacted person who made a setup of fortigate for us.
Will contact you soon.
Thank you.
Hello,
I suspect that permission (to run "diagnose" command) is not set. Please find the details by following the link below:
@fgatko
can you please try proxy-based policy instead of flow flow-based policy?
Hi, Please check if you have admin rights to do packet captures. If not then ask the administrator to permit to allow packet capture.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.