suthomas1
New Contributor

https website

Good day all,

 

We have a FortiGate running version 6.2.2.

There seems to be a problem with accessing one of the HTTPS websites. When tried via our FortiGate firewall, the site doesn't load. But the same site loads fine when the FortiGate firewall is bypassed.

Please help me troubleshoot this problem. Are there any CLI commands to check why the site is being blocked via the firewall?

 

Thank you in advance.

 

Suthomas
suthomas1
New Contributor

Any ideas on this, please? It doesn't show any kind of error when attempting to access this site, hence troubleshooting is difficult. At times it says err timeout in the browser, though.

 

thanks again.

Suthomas
Yurisk
Valued Contributor

Are you using Web filtering/AppControl in rules for accessing this website?

Are you using a certificate-only or deep SSL inspection profile?

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
suthomas1

Yes, Web filtering/AppControl is being used.

SSL DPI is being used in rules.

 

I am failing to find out what is causing the site to not load via the firewall. Any hints at troubleshooting (CLI or GUI) will be useful. Thanks.

Suthomas
Yurisk
Valued Contributor

Start with debug flow to make sure it is indeed a malfunction and not an explicit block by some security feature.

diagnose debug flow filter addr <IP of testing PC>

diagnose debug flow show function-name enable

diagnose debug flow trace start 

diagnose debug enable

 

If the above tells nothing and you see everything passes as Allowed, try making an exception for this website: first in Web filtering, in the Static URL filter (put action Exempt/Allow); if that does not help, add it to the SSL Exception in the profile (this exempts this website from SSL inspection completely). If this helps (most probably will), the next step would be to open a ticket with Fortinet TAC and investigate further what FortiGate does not like about this particular website.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
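Added example, not part of Yurisk's post or Fortinet's tooling: a small Python helper that reads saved debug flow output, groups it by `trace_id`, and reports whether each traced packet was allowed by a policy or explicitly dropped, which is the distinction the reply above asks you to establish first. The `id=... trace_id=... func=... line=... msg="..."` layout and the message wording are assumptions about the output format, and the sample lines (addresses, ports, policy IDs, function names) are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample in the assumed `id= trace_id= func= line= msg=""` layout
# of debug flow output; not captured from a real device.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=6, 10.0.0.5:51234->203.0.113.10:443) from port2. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=1 func=init_ip_session_common line=5666 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2596 msg="find a route: flag=04000000 gw-198.51.100.1 via port1"
id=20085 trace_id=1 func=fw_forward_handler line=771 msg="Allowed by Policy-5: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=6, 10.0.0.5:51240->203.0.113.20:443) from port2. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=2 func=fw_forward_handler line=614 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
FLOW = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DROP = re.compile(r'denied|drop|fail', re.I)

def summarize(text):
    """Group lines by trace_id; return {trace_id: {flow, verdict, reason}}."""
    traces = OrderedDict()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip CLI prompts, blank lines, wrapped fragments
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        t = traces.setdefault(tid, {"flow": None, "verdict": "unknown", "reason": ""})
        f = FLOW.search(msg)
        if f and t["flow"] is None:
            t["flow"] = f"{f.group(2)} -> {f.group(3)} proto {f.group(1)}"
        if t["verdict"] == "blocked":
            continue  # keep the first drop reason seen for this packet
        a = ALLOW.search(msg)
        if a:
            t["verdict"], t["reason"] = "allowed", f"policy {a.group(1)}"
        elif DROP.search(msg):
            t["verdict"], t["reason"] = "blocked", f"{func}: {msg}"
    return traces

if __name__ == "__main__":
    for tid, t in summarize(SAMPLE).items():
        print(tid, t["flow"], t["verdict"], t["reason"])
```

A trace that shows only "allowed" for the affected destination means the policy lookup passed the packet, which is the case where the reply moves on to the Web filter and SSL inspection exemptions.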