Hello Julien,

Yes, I have also tried this and when I ping the destination everything goes well. but can not open the page in local machine . 

Tnx

Hi, 

can you post the return diag sniffer ?  because in your post i see source network (192.168.10.x ) can not ping 10.2.x.x/24...  you do have change configuration for that?    

You can send the result for diag sniffer packet any 'host x.x.x.x and port 443' 4   if your portal is in HTTPS with standard port.

For your information:

FortiGate-80F # execute ping 10.2.0.6
PING 10.2.0.6 (10.2.0.6): 56 data bytes
64 bytes from 10.2.0.6: icmp_seq=0 ttl=126 time=0.3 ms
64 bytes from 10.2.0.6: icmp_seq=1 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=2 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=3 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=4 ttl=126 time=0.2 ms

--- 10.2.0.6 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.3 ms

FortiGate-80F #

after hitting the command which you told me I got no answer:

FortiGate-80F # diagnose debug flow filter daddr 10.2.0.6

FortiGate-80F #

yes for this one, but you have write  ping is ko from source network  to CUP-PORTAL host.   It's for this test, i would look the result of diagnose sniffer packet.

Best regards,

I know what you mean, but after hitting the "diagnose debug flow filter daddr 10.2.0.6 " there is no any result on Firewall, 

The things is that, in local machine 192.168.10.x is not possible to open the link which http://cup-wifcty.lan.cup.fe

also in Firewall can not recognize this address but can ping the IP,

yes i have understand that.  but i can not look the diagnose packet fortinet.   You can check too the DNS resolution from localmachine.

Client claim that, 10 days ago he could access to this portal without any issue. during this interval I did not change anything on FW. I am tired with these issue. :(