Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fahsan11

Car SMBv1 Application Server Issues

Dear Guys, I need your suggestions regarding a weird issue on a FortiGate firewall that is related to an SMBv2 application. The FortiGate FW, the client and the server lie in a single network, and I would say in a single subnet. The FortiGate is running in NAT mode, and I have created a Virtual Wire Pair with two interfaces, where port15 is connected to a client and port16 is connected to an L3 switch (MPLS provider) where the application server resides. It's a sort of car application that checks the employees and returns the daily results of the working hours. However, with the FortiGate, once I have logged in to the application and try to access it through the client, it doesn't show anything and only returns a blank page. I have been stuck on this issue for 2 weeks. I have also been in contact with FortiTAC Support, but they said the FortiGate is working fine and there is a problem with the application; after seeing the packet capture it seems to be something on it. Whenever I bypass the FortiGate the application works and shows me the output.

Note: I have created a bidirectional policy, but nothing works. I have tried to increase the session-ttl timeout, set tcp-timeout rst, set tcp-mss-receiver and sender on the policy, and set the MTU on the router interface. Still, the client and server send RST packets. I changed the DNS of the FGT to the internal DNS; nothing happened. I have tried every possibility, but nothing worked at all. The firmware version of the firewall is 6.0.10, as TAC Support recommended. UTM profiles are also disabled on the policy and in Feature Visibility. Any help would be appreciated.
live89

Hi,

- What do you mean by "blank page"? When you press F12 in the browser and then open the application page, what response do you see there?

Or do you mean it keeps loading and nothing happens?

- Does your application only use SMBv2 and no other ports? Or do you only suspect the problem is with SMBv2?

- Did you upgrade to 6.0.10 to see if this resolves the issue? Or were you on 6.0.10 all the time and never upgraded?

- Did it happen to work with some other firewall other than the FortiGate? Or did you never try that, and only bypassed the FortiGate?

- Is it possible for you to post the output of:

diag debug reset
diag debug disable
diag debug flow filter daddr <application destination ip>
diag debug flow trace start 1000
diag debug enable

After finishing, disable the debug: diag debug disable

Thanks
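The trace commands above print one line per packet-handling step, which gets long fast when a browser opens several connections. As an added example that is not part of this thread and not Fortinet's own tooling, here is a small Python parser that groups that output by trace_id and pulls out the 5-tuple, ingress interface, TCP flags, session id and the policy verdict, then lists the flows a troubleshooter should look at first: anything denied by policy or carrying a TCP RST. The sample lines are constructed to resemble FortiOS 6.0 debug flow output; the function names, session ids and message wording are assumptions, so adjust the regexes if your firmware prints something different.

```python
"""Summarise FortiOS `diag debug flow trace` output per trace_id.

Added example, not from the forum thread. The sample below is constructed to
look like FortiOS 6.0 debug flow lines; exact wording is an assumption.
"""
import re
from collections import OrderedDict

# Constructed sample: one allowed SMB handshake, the server's RST on the same
# session, and a second connection (port 2003) denied by the implicit policy.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.1.1.20:51234->10.1.1.50:445) from port15. flag [S], seq 1000, ack 0, win 8192"
id=20085 trace_id=1 func=init_ip_session_common line=5518 msg="allocate a new session-0000a1b2"
id=20085 trace_id=1 func=iprope_dnat_check line=4789 msg="in-[port15], out-[]"
id=20085 trace_id=1 func=fw_forward_handler line=686 msg="Allowed by Policy-3:"
id=20085 trace_id=2 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.1.1.50:445->10.1.1.20:51234) from port16. flag [R], seq 0, ack 1001, win 0"
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5438 msg="Find an existing session, id-0000a1b2, reply direction"
id=20085 trace_id=3 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.1.1.20:51300->10.1.1.50:2003) from port15. flag [S], seq 2000, ack 0, win 8192"
id=20085 trace_id=3 func=init_ip_session_common line=5518 msg="allocate a new session-0000a1b3"
id=20085 trace_id=3 func=fw_forward_handler line=686 msg="Denied by forward policy check (policy 0)"
"""

LINE_RE = re.compile(r'trace_id=(\d+)\s+func=(\S+)\s+line=\d+\s+msg="(.*)"\s*$')
PKT_RE = re.compile(
    r'proto=(\d+),\s+([\d.]+):(\d+)->([\d.]+):(\d+)\)\s+from\s+(\S+?)\.\s+flag\s+\[([^\]]+)\]')
SESSION_RE = re.compile(r'session-([0-9a-f]+)|id-([0-9a-f]+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (\d+)\)')


def summarize(trace_text):
    """Return an OrderedDict {trace_id: flow dict} built from raw trace lines."""
    flows = OrderedDict()
    for raw in trace_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a debug flow line (prompt echo, blank, etc.)
        tid, msg = int(m.group(1)), m.group(3)
        flow = flows.setdefault(tid, {"verdict": None, "policy": None, "session": None})
        pm = PKT_RE.search(msg)
        if pm:  # first line of a trace: the packet header the kernel saw
            flow.update(proto=int(pm.group(1)), src=pm.group(2), sport=int(pm.group(3)),
                        dst=pm.group(4), dport=int(pm.group(5)), ingress=pm.group(6),
                        flags=pm.group(7))
        sm = SESSION_RE.search(msg)
        if sm:  # new session allocated, or existing session matched
            flow["session"] = sm.group(1) or sm.group(2)
        am = ALLOW_RE.search(msg)
        if am:
            flow["verdict"], flow["policy"] = "allowed", int(am.group(1))
        dm = DENY_RE.search(msg)
        if dm:
            flow["verdict"], flow["policy"] = "denied", int(dm.group(1))
    return flows


def flag_issues(flows):
    """Return (trace_id, reason) for flows worth a closer look: denied by
    policy, or carrying a TCP RST (flag field contains 'R')."""
    issues = []
    for tid, f in flows.items():
        if f["verdict"] == "denied":
            issues.append((tid, "denied by policy %s" % f["policy"]))
        if "R" in f.get("flags", ""):
            issues.append((tid, "TCP RST from %s" % f.get("src")))
    return issues


if __name__ == "__main__":
    flows = summarize(SAMPLE_TRACE)
    for tid, f in flows.items():
        print("trace %d: %s:%s -> %s:%s via %s flags=[%s] session=%s verdict=%s policy=%s"
              % (tid, f.get("src"), f.get("sport"), f.get("dst"), f.get("dport"),
                 f.get("ingress"), f.get("flags"), f["session"], f["verdict"], f["policy"]))
    for tid, reason in flag_issues(flows):
        print("  check trace %d: %s" % (tid, reason))
```

Pipe the saved CLI output into `summarize()` instead of the constructed sample; a flow that is allowed by policy and then answered with an RST in the reply direction, as trace 1 and 2 above show, points at the server or application rather than at the firewall, while a "policy 0" deny means no policy matched at all.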
poundy

You say SMB. What traffic are you actually expecting to transit this? I am hoping this isn't a firewall to the internet too, and the app server isn't on the internet?? SMBv1 is deprecated everywhere and is highly insecure. Do you really mean SMBv2 perhaps?

Agree on diag debug to get info on what's going on.

fahsan11

Yes, exactly, the server isn't on the Internet. I have seen in the packet captures that the application is supposed to use SMBv2, but the customer told me that the application uses SMBv1. The expected result would be the output of the working hours. It's quite strange that the whole application works smoothly, but the printer part of the application isn't working as expected.
live89

So before 6.0.9 it worked properly with the FortiGate? Or did the whole issue start after installing the FortiGate? Also, I'm not sure if this is related to your issue, but if the application is using SMBv1, then it is worth checking this with Fortinet TAC:

414081 SMB1 support has been by default disabled under part models.
Which was released in v5.6.6 and 6.0.2: https://fortinetweb.s3.am....0.2-release-notes.pdf https://pub.kb.fortinet.c....6.6-release-notes.pdf

Thanks
fahsan11

Actually, it never worked on the FortiGate, whether the 6.0.9 or the 6.0.10 firmware version was concerned. Thank you for the information, but that information is related to the SSL VPN as far as I know. I have read it already.
live89

I've come across situations where things didn't work after replacing a firewall, but most of them were related to MTU / TCP MSS issues. That should show up in the pcap, which you have already done, as you mentioned.

Thanks
fahsan11

Yes, but I have changed the MTU on the firewall, and also on the interface and the policy too. I have tried jumbo frame packets too, but things wouldn't work as expected.
fahsan11

Yes, it keeps loading on and on and doesn't give me back the desired output. The application uses ports 445 and 2003, which I have seen in the logs, and those show Server Reset and Client Reset. The issue started with the 6.0.9 firmware, and on the recommendation of TAC Support I upgraded the firmware version to 6.0.10. I have bypassed the FW and it works as expected. In addition to this, all of the application works perfectly; only the printer part of the working hours shows a blank page with the FGT. Fortinet TAC and I have captured a lot of packets; it seems like the FortiGate is working properly and it seems like an issue at the application layer after seeing the pcap files. But that can't be the reason, as the application works with another old firewall like Microsoft ISA.