- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Strange issue with Fortigate 200E web gui not work...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Strange issue with Fortigate 200E web gui not working and ssh sessions freezing?
I'm trying to setup a Fortigate 200E at a new remote site with a someone there to assist me.
As it was a fresh install, I did not follow the upgrade path, instead getting my remote assistant to upload FGT_200E-v7.4.3.F-build2573-FORTINET.out, and then rebooting, doing an "execute factoryreset", then another reboot for good measure.
I got my assistant to do some initial config: set a secure password, set HTTPS and SSH admin to obscure high ports, and enabled HTTPS and SSH and ping on the WAN1 interface.
WAN1 interface is dhcp enabled, connecting to ISP firewall which is assigning it a private 10.x.x.x address. We requested the ISP to open up these ports on their firewall, so I could remotely log in to continue firewall configuration.
This is where behaviour gets odd.
I can browse to our public IP on the HTTPS port I set, and see the default (insecure) Fortigate certificate, so I know my web traffic is getting through, but I see nothing in the browser, and the browser tab shows rotating circle indicating it is still trying to load the page.
I can also ssh to the public IP on the SSH port I set.
However, the ssh session appears to hang if I do certain things, and consistently.
For example, if I run "show" command, it hangs always at the same part of the config (near interfaces).
Also, if I try to view firewall event logs, with the following commands, my ssh session consistently freezes:
FortiGate-200E # execute log filter category 1
FortiGate-200E # execute log display
Interestingly I'm also running Wireshark on my machine, and it looks to me like the Fortigate simply stops responding, rather than my connection dropping, as afterwards, whenever I hit a key in my ssh session, I see my machine sending PSH/ACK packets and the Fortigate responding with ACKs, even though I see nothing on the screen- the TCP session remains up.
I'm wondering whether this could be an ISP issue, but due to the consistency of these 'freezes', I think it's the Fortigate.
This page has a post from someone with very similar issues to me, and the responses suggest corrupted flash:
Since my Fortigate 200E has no hard disk, I believe it stores event logs and config in flash. So could a corruption in flash be the reason my ssh session freezes when trying to display the config or read the event logs?
One final odd thing I don't understand, is that my assistant, who has a machine connected locally to the management port of the Fortigate, can log in fine to the GUI (which must also retrieve the config from flash to display GUI), and even look at event logs in the GUI fine, so doesn't that invalidate my theory?
For the record, this is a new (but 3 years old) boxed firewall that has been sitting in a store-room for 3 years, then shipped literally round the world and back.... maybe it just got damaged?
I'm confused. Can I ask what people think?
Labels:
- Labels:
-
FortiGate
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This sounds like a connectivity issue. If I had to guess, it may be related by MTU size. You can try lowering your WAN link MTU to let's say 1300 bytes and if the issue gets resolved, you will need to find the correct MTU (ask ISP/PMTUD/PING).
References:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-ping-with-data-size/ta-p/192384
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/596096/interface-mtu-packet-size
However, a far better approach would be taking a packet capture on the client device while also simultaneously taking it on the Fortigate. You can simply compare them and see what is failing.
References:
HTH,
Boris
Boris
Related Posts
- Oracle sessions randomly hanging behind fortigate 101 Views
- Dial-up IPsec tunnels with same source... 702 Views
- Packet duplication not done in session... 159 Views
- Fortigate with Mikrotik Site to site... 426 Views
- Authd process and cpu at 99%... 435 Views
Labels
-
FortiGate
6,528 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.