I'm having a weird issue with access public facing website after replacing my old Fortigate 200D with 200F.
I have multiple VDOMs that have few public facing websites. Vdom A has a website and vdom B has two websites. After replacing the Fortigate, I can't seem to access the two websites on a vdom B. I have no issue accessing the website on vdom A from outside. The main difference between two vdoms is that they have a different DIA to Internet. I'm not sure what causing the issue. I thought the issue is my switch that is sitting in between the Fortigate and the Internet provider. I don't see anything strange in there. It is doing L2. Any suggestions? I had to back out and put the old 200D in there to have the network back.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi peterk2020,
I hope the configuration migration has been done using the Forticonverter tool. We need to check if the request for websites in VDOM B from external network is reaching the firewall and if the firewall is dropping it.
You can use the below command to check if the traffic is reaching the firewall first:
diag sniffer packet any 'host x.x.x.x and host y.y.y.y' 4 0 a --- >you can replace x.x.x.x with the client public IP and y.y.y.y with the server IP
If the traffic comes in and if it is not forwarded, we can cross check if the traffic if getting dropped.
Regards,
Vimala
Thanks for your reply. I'll do the packet capture when I have the next maintenance scheduled.
Can you post the VDOM B interface configs (WAN and LAN) from the 200F, VIP config for the two websites, and the Firewall Policy(ies) allowing the traffic?
In case anyone need to know what happened, the issue was resolved after issuing failover status set command to force change over. I'm not sure the reason why. I'm afraid to change back to the other unit.
Interesting. May be there was an existing session on the former Fortigate, only debug/sniffer can provide more information.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.