Support Forum
Everstay
New Contributor II

SSL for HTTPS

Hi all,

I'm having some issues with port forwarding. I'm running Fortinet v7.0.5. I have a Windows Server running Tomcat 8.5, which is running my website. I've successfully managed to import my SSL certificates into Tomcat (on my Windows server, going to https://localhost:8443/ I can see the certificate; it shows as an error because the domain doesn't match, but all of the information about the CA etc. is there, so it's working okay). But when I go through https://domain.com:8443/ I get "Unable to connect - An error occurred during a connection to domain.com". If I go to https://domain.com (without the port) I get "The connection has timed out - An error occurred during a connection to

Now I have a public IP on my Fortinet WAN, which is used mostly just for SSL-VPN to remote into my workspace when I'm at home.

I've added 2 VIPs, one for port 80 and one for port 8443 (HTTPS). Port 8443 seems to get hits but can't load, and port 8443 reports as closed when using tools to check for open ports.

I've attached some screenshots of my VIPs and firewall policies (I'm guessing the issue might be within the firewall rules, as I'm a complete newbie at this).

I've attached 2 screenshots: 1 of the VIP settings, and the other of the firewall rule. I would greatly appreciate it if someone more experienced could point me in the right direction; I've fought this for 3 days without any luck.

If you require any more information, please do say and I will provide it!

Many thanks!

Screenshots: vips2.png, firewall.png, vip.png


pminarik
Staff

At a glance the setup looks OK. Here's a list of semi-random points that may be worth checking:

  • Does "domain.com" resolve to the WAN interface IP, exclusively? (not resolving to two IPs, or giving multiple results rotated in round-robin fashion)
  • Is the mapped-ip 10.1.2.63 actually reachable via the "lan" interface? (is "lan" in the same subnet? Or does it at least have a route towards the IP via another router?)
  • You wrote "localhost:8443". Is the server configured correctly? A) is it listening on its ethernet interface connected to the 10.1.2.63/xx subnet? B) Is the local firewall (if any is enabled) on the server allowing incoming traffic to TCP/8443?
  • Is the server application configured with any source-ip restrictions for incoming connections? (less likely to be relevant with SNAT enabled in the FGT firewall policy, but it may become more relevant later)

If all else fails, start with basics and make a packet capture and check the packet flow:

diag sniffer packet any "port 8443" 4 0 a

(CTRL+C when done)

[ corrections always welcome ]
Everstay
New Contributor II

Hi and thanks for your pointers.

  • The domain.com is our main website hosted via a hosting provider; we've created a subdomain for our main domain. Said subdomain has an A record pointing to the public Fortinet WAN IP address, which I failed to mention; so to answer your question, I guess yes it does.
  • The mapped address is reachable; there's no issue with this. I can easily access the website using my subdomain, but without the HTTPS port (I can only access it using port 80 or port 8080, which is the default non-SSL port for Tomcat).
  • I'm 90% certain server-wise everything is correct. Are there any commands I can run on the Windows server that would tell me if there is something blocking it from reaching the outside world using the SSL port?
  • I don't think so; we've never had anything similar done on our network, so if it hasn't come by default, it's not there.

Here's a glance at the sniffer command. I've changed most parts of the public IP to PUBLIC_IP, leaving .114 and .110, which are the ends of that WAN IP address. Is there something you see that I don't?

Many thanks!

pminarik

Looks like the sniffer output wasn't attached, can you retry?

[ corrections always welcome ]
Everstay
New Contributor II

Sorry! Here it is (10.1.99.30 is the Fortinet's IP that I access the web UI with):

ID420 # diag sniffer packet any "port 8443" 4 0 a
interfaces=[any]
filters=[port 8443]
2024-03-25 08:23:56.524975 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:56.525208 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:56.525222 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:56.525887 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:56.525935 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:56.779074 wan in PUBLIC_IP.114.53930 -> PUBLIC_IP.110.8443: syn 3868203969
2024-03-25 08:23:56.779178 vlan99 out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:56.779184 lan out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:56.779844 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53930: rst 0 ack 3868203970
2024-03-25 08:23:56.779873 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53930: rst 0 ack 3868203970
2024-03-25 08:23:57.044783 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:57.044848 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.044853 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.045227 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:57.045249 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:57.296572 wan in PUBLIC_IP.114.53930 -> PUBLIC_IP.110.8443: syn 3868203969
2024-03-25 08:23:57.296625 vlan99 out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:57.296630 lan out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:57.297177 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53930: rst 0 ack 3868203970
2024-03-25 08:23:57.297202 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53930: rst 0 ack 3868203970
2024-03-25 08:23:57.562318 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:57.562436 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.562442 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.563006 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:57.563033 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:57.811778 wan in PUBLIC_IP.114.53930 -> PUBLIC_IP.110.8443: syn 3868203969
2024-03-25 08:23:57.811851 vlan99 out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:57.811856 lan out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:57.812474 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53930: rst 0 ack 3868203970
2024-03-25 08:23:57.812501 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53930: rst 0 ack 3868203970
2024-03-25 08:23:58.078690 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:58.078741 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:58.078746 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:58.079336 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:58.079357 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:58.330470 wan in PUBLIC_IP.114.53930 -> PUBLIC_IP.110.8443: syn 3868203969
2024-03-25 08:23:58.330516 vlan99 out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:58.330521 lan out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:58.331066 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53930: rst 0 ack 3868203970
2024-03-25 08:23:58.331091 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53930: rst 0 ack 3868203970
2024-03-25 08:23:58.595017 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:58.595131 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:58.595136 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:58.595807 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:58.595833 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:58.648388 wan in PUBLIC_IP.114.53932 -> PUBLIC_IP.110.8443: syn 154603566
2024-03-25 08:23:58.648444 vlan99 out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:58.648449 lan out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:58.648973 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53932: rst 0 ack 154603567
2024-03-25 08:23:58.648995 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53932: rst 0 ack 154603567
2024-03-25 08:23:58.850293 wan in PUBLIC_IP.114.53930 -> PUBLIC_IP.110.8443: syn 3868203969
2024-03-25 08:23:58.850341 vlan99 out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:58.850346 lan out 10.1.99.30.53930 -> 10.1.2.63.8443: syn 3868203969
2024-03-25 08:23:58.850915 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53930: rst 0 ack 3868203970
2024-03-25 08:23:58.850940 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53930: rst 0 ack 3868203970
2024-03-25 08:23:59.157790 wan in PUBLIC_IP.114.53932 -> PUBLIC_IP.110.8443: syn 154603566
2024-03-25 08:23:59.157853 vlan99 out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:59.157858 lan out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:59.158458 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53932: rst 0 ack 154603567
2024-03-25 08:23:59.158483 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53932: rst 0 ack 154603567
2024-03-25 08:23:59.689252 wan in PUBLIC_IP.114.53932 -> PUBLIC_IP.110.8443: syn 154603566
2024-03-25 08:23:59.689362 vlan99 out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:59.689367 lan out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:23:59.690041 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53932: rst 0 ack 154603567
2024-03-25 08:23:59.690067 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53932: rst 0 ack 154603567
2024-03-25 08:23:59.924807 wan in PUBLIC_IP.114.53936 -> PUBLIC_IP.110.8443: syn 2808865711
2024-03-25 08:23:59.924897 vlan99 out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:23:59.924902 lan out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:23:59.925532 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53936: rst 0 ack 2808865712
2024-03-25 08:23:59.925561 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53936: rst 0 ack 2808865712
2024-03-25 08:24:00.218368 wan in PUBLIC_IP.114.53932 -> PUBLIC_IP.110.8443: syn 154603566
2024-03-25 08:24:00.218469 vlan99 out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:24:00.218476 lan out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:24:00.219096 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53932: rst 0 ack 154603567
2024-03-25 08:24:00.219126 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53932: rst 0 ack 154603567
2024-03-25 08:24:00.443486 wan in PUBLIC_IP.114.53936 -> PUBLIC_IP.110.8443: syn 2808865711
2024-03-25 08:24:00.443550 vlan99 out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:00.443555 lan out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:00.444111 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53936: rst 0 ack 2808865712
2024-03-25 08:24:00.444138 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53936: rst 0 ack 2808865712
2024-03-25 08:24:00.728945 wan in PUBLIC_IP.114.53932 -> PUBLIC_IP.110.8443: syn 154603566
2024-03-25 08:24:00.729065 vlan99 out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:24:00.729072 lan out 10.1.99.30.53932 -> 10.1.2.63.8443: syn 154603566
2024-03-25 08:24:00.729762 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53932: rst 0 ack 154603567
2024-03-25 08:24:00.729792 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53932: rst 0 ack 154603567
2024-03-25 08:24:00.962171 wan in PUBLIC_IP.114.53936 -> PUBLIC_IP.110.8443: syn 2808865711
2024-03-25 08:24:00.962229 vlan99 out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:00.962234 lan out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:00.962914 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53936: rst 0 ack 2808865712
2024-03-25 08:24:00.962942 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53936: rst 0 ack 2808865712
2024-03-25 08:24:01.485487 wan in PUBLIC_IP.114.53936 -> PUBLIC_IP.110.8443: syn 2808865711
2024-03-25 08:24:01.485598 vlan99 out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:01.485603 lan out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:01.486256 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53936: rst 0 ack 2808865712
2024-03-25 08:24:01.486285 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53936: rst 0 ack 2808865712
2024-03-25 08:24:02.003018 wan in PUBLIC_IP.114.53936 -> PUBLIC_IP.110.8443: syn 2808865711
2024-03-25 08:24:02.003096 vlan99 out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:02.003101 lan out 10.1.99.30.53936 -> 10.1.2.63.8443: syn 2808865711
2024-03-25 08:24:02.003805 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53936: rst 0 ack 2808865712
2024-03-25 08:24:02.003832 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53936: rst 0 ack 2808865712
2024-03-25 08:24:05.755612 wan in PUBLIC_IP.114.53941 -> PUBLIC_IP.110.8443: syn 1209223164
2024-03-25 08:24:05.755718 vlan99 out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:05.755723 lan out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:05.756258 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53941: rst 0 ack 1209223165
2024-03-25 08:24:05.756283 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53941: rst 0 ack 1209223165
2024-03-25 08:24:05.756741 wan in PUBLIC_IP.114.53942 -> PUBLIC_IP.110.8443: syn 952748999
2024-03-25 08:24:05.756792 vlan99 out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:05.756797 lan out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:05.757247 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53942: rst 0 ack 952749000
2024-03-25 08:24:05.757273 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53942: rst 0 ack 952749000
2024-03-25 08:24:06.010889 wan in PUBLIC_IP.114.53943 -> PUBLIC_IP.110.8443: syn 2818390585
2024-03-25 08:24:06.010942 vlan99 out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:06.010948 lan out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:06.011614 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53943: rst 0 ack 2818390586
2024-03-25 08:24:06.011637 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53943: rst 0 ack 2818390586
2024-03-25 08:24:06.275441 wan in PUBLIC_IP.114.53941 -> PUBLIC_IP.110.8443: syn 1209223164
2024-03-25 08:24:06.275448 wan in PUBLIC_IP.114.53942 -> PUBLIC_IP.110.8443: syn 952748999
2024-03-25 08:24:06.275494 vlan99 out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:06.275495 vlan99 out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:06.275499 lan out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:06.275500 lan out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:06.276194 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53941: rst 0 ack 1209223165
2024-03-25 08:24:06.276196 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53942: rst 0 ack 952749000
2024-03-25 08:24:06.276215 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53941: rst 0 ack 1209223165
2024-03-25 08:24:06.276219 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53942: rst 0 ack 952749000
2024-03-25 08:24:06.522602 wan in PUBLIC_IP.114.53943 -> PUBLIC_IP.110.8443: syn 2818390585
2024-03-25 08:24:06.522650 vlan99 out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:06.522655 lan out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:06.523297 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53943: rst 0 ack 2818390586
2024-03-25 08:24:06.523318 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53943: rst 0 ack 2818390586
2024-03-25 08:24:06.798774 wan in PUBLIC_IP.114.53941 -> PUBLIC_IP.110.8443: syn 1209223164
2024-03-25 08:24:06.798780 wan in PUBLIC_IP.114.53942 -> PUBLIC_IP.110.8443: syn 952748999
2024-03-25 08:24:06.798889 vlan99 out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:06.798890 vlan99 out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:06.798894 lan out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:06.798895 lan out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:06.799615 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53941: rst 0 ack 1209223165
2024-03-25 08:24:06.799618 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53942: rst 0 ack 952749000
2024-03-25 08:24:06.799641 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53941: rst 0 ack 1209223165
2024-03-25 08:24:06.799643 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53942: rst 0 ack 952749000
2024-03-25 08:24:07.040136 wan in PUBLIC_IP.114.53943 -> PUBLIC_IP.110.8443: syn 2818390585
2024-03-25 08:24:07.040192 vlan99 out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:07.040197 lan out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:07.040871 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53943: rst 0 ack 2818390586
2024-03-25 08:24:07.040892 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53943: rst 0 ack 2818390586
2024-03-25 08:24:07.324408 wan in PUBLIC_IP.114.53941 -> PUBLIC_IP.110.8443: syn 1209223164
2024-03-25 08:24:07.324416 wan in PUBLIC_IP.114.53942 -> PUBLIC_IP.110.8443: syn 952748999
2024-03-25 08:24:07.324460 vlan99 out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:07.324461 vlan99 out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:07.324465 lan out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:07.324466 lan out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:07.325096 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53941: rst 0 ack 1209223165
2024-03-25 08:24:07.325097 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53942: rst 0 ack 952749000
2024-03-25 08:24:07.325118 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53941: rst 0 ack 1209223165
2024-03-25 08:24:07.325120 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53942: rst 0 ack 952749000
2024-03-25 08:24:07.556505 wan in PUBLIC_IP.114.53943 -> PUBLIC_IP.110.8443: syn 2818390585
2024-03-25 08:24:07.556616 vlan99 out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:07.556621 lan out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:07.557155 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53943: rst 0 ack 2818390586
2024-03-25 08:24:07.557179 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53943: rst 0 ack 2818390586
2024-03-25 08:24:07.844267 wan in PUBLIC_IP.114.53941 -> PUBLIC_IP.110.8443: syn 1209223164
2024-03-25 08:24:07.844333 wan in PUBLIC_IP.114.53942 -> PUBLIC_IP.110.8443: syn 952748999
2024-03-25 08:24:07.844367 vlan99 out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:07.844372 lan out 10.1.99.30.53941 -> 10.1.2.63.8443: syn 1209223164
2024-03-25 08:24:07.844380 vlan99 out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:07.844386 lan out 10.1.99.30.53942 -> 10.1.2.63.8443: syn 952748999
2024-03-25 08:24:07.845065 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53941: rst 0 ack 1209223165
2024-03-25 08:24:07.845065 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53942: rst 0 ack 952749000
2024-03-25 08:24:07.845090 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53941: rst 0 ack 1209223165
2024-03-25 08:24:07.845091 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53942: rst 0 ack 952749000
2024-03-25 08:24:08.074011 wan in PUBLIC_IP.114.53943 -> PUBLIC_IP.110.8443: syn 2818390585
2024-03-25 08:24:08.074063 vlan99 out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:08.074068 lan out 10.1.99.30.53943 -> 10.1.2.63.8443: syn 2818390585
2024-03-25 08:24:08.074753 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53943: rst 0 ack 2818390586
2024-03-25 08:24:08.074775 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53943: rst 0 ack 2818390586

I'm also attaching a screenshot of the interfaces in use:

interfaces.png

Edit: Might be of some use: I found that if I run the sniffer test against ports 80, 8080 and 8443 the results are all the same. Keep in mind ports 80 and 8080 (non-SSL) work fine and display the page normally; port 8443 gives an "Unable to connect" error. So to my understanding, if all results within the sniffer for ports 80, 8080 and 8443 are the same, this shouldn't be Fortinet blocking something, correct? Can this be due to network policies and the firewall on the Windows server itself?

pminarik

Look at this single flow (which repeats throughout the capture):

2024-03-25 08:23:57.044783 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:57.044848 vlan99 out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.044853 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.045227 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:57.045249 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840

Or in short:

-> SYN

<- RST

This is very much an explicit rejection of the attempt to communicate by 10.1.2.63 (or whoever else may be acting on its behalf, such as another firewall, on the path, on the server, etc.).

From the FortiGate's point of view, the important thing to notice is that the SYN packet goes through, i.e. the packet/session was allowed to pass.

[ corrections always welcome ]
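The SYN/RST reading above can be automated. This is an added example, not code from the thread or from Fortinet: it parses verbose-level-4 `diag sniffer packet` lines and reports, per client connection, whether the FortiGate forwarded the SYN and what came back. The sample capture is constructed (the first flow copies the thread's RST case, the other three are invented to show the remaining outcomes); the interface name `wan` and server port 8443 are taken from the thread.

```python
"""Classify TCP handshake outcomes in FortiGate 'diag sniffer packet ... 4' output.
Added example, not code from the thread. Each client connection is keyed by its
source port (which survives the FortiGate's SNAT, as the capture shows) and judged
by how far the handshake got. SAMPLE is constructed from the thread's line format."""
import re
from collections import defaultdict

# One verbose-4 sniffer line: "<date> <time> <intf> <in|out> <src> -> <dst>: <flags seq ...>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<intf>\S+) (?P<dir>in|out) (?P<src>\S+) -> (?P<dst>\S+): (?P<flags>.*)$"
)

SAMPLE = """\
interfaces=[any]
2024-03-25 08:23:57.044783 wan in PUBLIC_IP.114.53929 -> PUBLIC_IP.110.8443: syn 800780839
2024-03-25 08:23:57.044853 lan out 10.1.99.30.53929 -> 10.1.2.63.8443: syn 800780839
2024-03-25 08:23:57.045227 vlan99 in 10.1.2.63.8443 -> 10.1.99.30.53929: rst 0 ack 800780840
2024-03-25 08:23:57.045249 wan out PUBLIC_IP.110.8443 -> PUBLIC_IP.114.53929: rst 0 ack 800780840
2024-03-25 08:23:58.100000 wan in PUBLIC_IP.114.53950 -> PUBLIC_IP.110.8443: syn 111111111
2024-03-25 08:23:58.100100 lan out 10.1.99.30.53950 -> 10.1.2.63.8443: syn 111111111
2024-03-25 08:23:58.100800 lan in 10.1.2.63.8443 -> 10.1.99.30.53950: syn 222222222 ack 111111112
2024-03-25 08:23:59.200000 wan in PUBLIC_IP.114.53960 -> PUBLIC_IP.110.8443: syn 333333333
2024-03-25 08:24:00.300000 wan in PUBLIC_IP.114.53970 -> PUBLIC_IP.110.8443: syn 444444444
2024-03-25 08:24:00.300100 lan out 10.1.99.30.53970 -> 10.1.2.63.8443: syn 444444444
"""

def parse_packets(text):
    """Yield one dict per packet line; prompt and header lines do not match and are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        p = m.groupdict()
        # The port is the last dotted component; the host part may itself contain dots.
        p["src_port"] = int(p["src"].rsplit(".", 1)[1])
        p["dst_port"] = int(p["dst"].rsplit(".", 1)[1])
        p["tcp"] = {t for t in p["flags"].split() if t.isalpha()}  # e.g. {"rst", "ack"}
        yield p

def classify_flows(text, server_port=8443, wan_intf="wan"):
    """Return {client_port: verdict} for every SYN that entered on the WAN interface."""
    events = defaultdict(set)
    for p in parse_packets(text):
        if p["dst_port"] == server_port and p["tcp"] == {"syn"}:
            # Client -> server SYN: did it arrive on the WAN, and did it leave again?
            if p["intf"] == wan_intf and p["dir"] == "in":
                events[p["src_port"]].add("syn_in")
            elif p["dir"] == "out":
                events[p["src_port"]].add("syn_forwarded")
        elif p["src_port"] == server_port:
            # Server -> client reply (seen on the inside interface and again on the WAN).
            if "rst" in p["tcp"]:
                events[p["dst_port"]].add("rst")
            elif {"syn", "ack"} <= p["tcp"]:
                events[p["dst_port"]].add("synack")
    verdicts = {}
    for port, ev in events.items():
        if "syn_in" not in ev:
            continue
        if "synack" in ev:
            verdicts[port] = "accepted"                   # server completed the handshake
        elif "rst" in ev:
            verdicts[port] = "rejected-behind-fortigate"  # the thread's case: SYN forwarded, RST back
        elif "syn_forwarded" in ev:
            verdicts[port] = "dropped-downstream"         # forwarded, but nothing ever came back
        else:
            verdicts[port] = "not-forwarded"              # never left the FortiGate: policy/VIP/route
    return verdicts

if __name__ == "__main__":
    for port, verdict in sorted(classify_flows(SAMPLE).items()):
        print(f"client port {port}: {verdict}")
```

Run it against a real capture by pasting the sniffer output in place of SAMPLE; a "not-forwarded" verdict points at the FortiGate's own policy, VIP or routing, while "rejected-behind-fortigate" means the device behind it answered with a RST.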
Everstay
New Contributor II

Okay, so in my understanding FortiGate allows the connection to go through, but then it gets rejected by its next hop, some other instance like the Windows server where the packet is destined to go? (For example www -> FortiGate (allowed) -> Windows server (rejected).)

pminarik

Correct. Something behind the FortiGate is rejecting the connection. It may or may not be the destination server itself, depending on what else is on the path in-between, if anything.

[ corrections always welcome ]
Everstay
New Contributor II

Yes, you are correct. The destination server (Windows server) needed inbound/outbound rules added for those ports. Everything is working smoothly now. Many thanks for your assistance in this matter!
