Hot!My Fortigate 100D sometime block my application server and sometime allow it ????

Author
mmh2005
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/11/26 15:41:07
  • Status: offline
2020/11/27 14:30:06 (permalink) 5.2
0

My Fortigate 100D sometime block my application server and sometime allow it ????

I have a firewall fortigate 100D and a local application server 192.168.10.10 when to try to login to the application from the internet sometimes works and sometimes blocked by firewall policy !! how is that !! it should be blocked or allowed but sometimes blocked and sometimes allowed is a very strange , when it is allowed it used one of the policy rules ( Rule ID 5 ) , please let me know the reason for this , many customers complains that they cannot access the application and some of them can access , I checked the logs and can see the traffic is blocked from some customers and allowed for other ??
attach some pictures for the problem 
please guide me to the solution .
Thanks again

Attached Image(s)

#1

4 Replies Related Threads

    mmh2005
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/11/26 15:41:07
    • Status: offline
    Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/28 11:19:36 (permalink)
    0
    my question in other words .. Why can I browse my application server from the internet when I use VPN software ( like VPN Express ) and I cannot browse the same server without this VPN connection from the same PC or mobile .
     
    need help
    #2
    lobstercreed
    Platinum Member
    • Total Posts : 360
    • Scores: 43
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 04:44:19 (permalink)
    0
    I'm rather confused by the inconsistent behavior you're describing, but I think it's worth pointing out that the destination interface on the screenshots you shared are "ssl.root" so it seems like you have the firewall trying to route that traffic out to an SSL-VPN user instead of the proper interface where the server is located (you didn't mention if it was DMZ or LAN or what).  Perhaps you have a policy route that makes it work sometimes?
    #3
    mmh2005
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/11/26 15:41:07
    • Status: offline
    Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 07:34:00 (permalink)
    0
    Hi lobstercreed , 
     
    Thanks for your answer, I noted what you are talking about that the firewall pointing out the destination interface as "SSL.root ", but the way the application server located in LAN and there is no DMZ, the firewall has only two interfaces connected to LAN and WAN.
    as I mentioned above the traffic is accepted by the firewall when I'm using any VPN application like VPN Express or Urban VPN from my PC and when I disconnect the VPN then I'm not able to connect to my application and got the same message in the firewall logs, also the policy ID that was blocking the traffic id policy ID = 0 which I think this is the global deny policy which blocking any traffic not mentioned in the rules created.
    please check the attached picture.
    please give me your opinion, I can send you a screenshot of the firewall rules.
     
    Thanks again...
     

    Attached Image(s)

    #4
    lobstercreed
    Platinum Member
    • Total Posts : 360
    • Scores: 43
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 17:57:36 (permalink)
    0
    Well whatever the case, it appears your firewall is trying to route traffic destined for 192.168.10.10 to your SSL VPN and there is no policy allowing that.  You should be able to resolve the undesired behavior when you fix your incorrect routing.
    #5
    Jump to:
    © 2021 APG vNext Commercial Version 5.5