Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
backpackdam
New Contributor

Unable to get iPhone mail via WiFi on FortiGate 100E

We have several locations running Fortinet equipment and we can't get to our on-prem Exchange server when using WiFi from only one of the locations.

 

Main office has a Fortigate 200.  Outlaying offices both have Fortigate 100E.  A site-to-site tunnel connects everything.  When we're at the main office and on WiFi, any iPhone will connect to email using the Mail app perfectly.  When we go to office A with the same iPhone, everything works fine.  When we go to Office B (running FortiOS 6.2.11) with the same iPhone, we can't reach the Exchange server (via mail app or owa address).  We're able to ping the server just fine.  If we use an Android or a laptop in that same office, there is no issue - it is ONLY the iPhone.

 

Sniffer logs show the Client Hello going from the iPhone to the Exchange server.  Logs on the HQ 200 show that the Server Hello gets sent to the 100E but then the connection times out (maybe due to using TLS 1.0 somehow?).

 

Again - the same iPhone will work in our other locations just fine.  It's only this ONE location that is having issues.

 

Has anyone experienced something similar?  Does anyone know of any magic setting in the 100E that may need to be changed?  Is there a way to use the 100E to find out what happens to the traffic?

13 REPLIES 13
backpackdam

Graham,

 

Thank you SO MUCH for your help.  I change the MTU to 1380 and it worked, although I had to use commands that differed from yours since they didn't seem to have effect:

 

config system interface
 edit <VPN INTERFACE>
 set mtu 1380
end

  That was after I was in the interface and did set mtu-override enable and tried the tcp-mss 1380 but that didn't work.  Running set mtu 1380 did though.

 

Is the way I implemented the change going to work long term without affecting other traffic? 

gfleming

Hey there yeah setting MTU is a good idea too. However, not all connections/devices will recognize the lower MTU and might still send packets that are too big. If it's working for you, great.

 

I would suggest a combo play: set MSS to 1380 and MTU to 1420. See how that works. Having only MTU set might cause delays/timeouts for some traffic still.

 

Is the WAN connection a PPPoE or similar connection with extra overhead? If so you  might want to manuall set the MTU on the WAN link as well...

Cheers,
Graham
jamespride815
New Contributor

Hello,

That sounds like a challenging situation. It appears to be a location-specific issue with iPhone connectivity Mod apk to the Exchange server. Checking TLS settings on the 100E and examining the traffic flow could be beneficial. Additionally, reaching out to Fortinet support or the community might provide insights or specific configurations to troubleshoot this unique scenario.

Best of luck in resolving the connectivity problem!

Wordgamer22
New Contributor

I searched on every forum on internet and eventually end up fixing this by encountering the message "This message has not been downloaded from the server" in the iPhone Mail app, there are several potential solutions you can try to resolve the issue. Here are some steps to troubleshoot:-

1. Check Internet Connection:-
  -Ensure that your iPhone has a stable and active internet connection, either through Wi-Fi or               cellular  data. If the connection is weak or unstable, it might prevent the mail from being                       downloaded.

2. Refresh or Reload the Mail App:-
  -Open the Mail app, navigate to the mailbox with the problematic message, and try pulling down on     the screen to refresh the mailbox. This action often triggers the app to re-download messages.

3. Restart the Mail App:-
  -Close the Mail app and then reopen it. To close an app on iPhone with Face ID, swipe up from the     bottom and hold to access the app switcher. For iPhones with a Home button, double-click the             Home button and swipe up on the Mail app.

4. Restart Your iPhone:-
  -A simple restart of your iPhone can resolve many software-related issues. Turn off your iPhone,         wait a few seconds, and then turn it back on.

5. Check Mail Settings:-
  -Make sure your email account settings are correctly configured. Go to Settings > Mail > Accounts,       select your email account, and verify that the incoming mail server settings are accurate.

6. Delete and Re-Add Email Account:-
  -Remove the problematic email account from your iPhone and then add it again. Go to Settings >         Mail > Accounts, select the email account, and choose "Delete Account." Afterward, add the                account again using the "Add Account" option.

By following these steps, you should be able to troubleshoot and resolve the issue with messages not being downloaded from the server in the iPhone Mail app. For more details follow instruction.

https://www.youtube.com/watch?v=-11NMLLXv0o&ab_channel=TheGeekPage

Labels
Top Kudoed Authors