My Fortigate 100D sometime block my application server and sometime allow it ???? | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!My Fortigate 100D sometime block my application server and sometime allow it ????

Author Post Essentials Only Full Version
mmh2005 New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2020/11/26 15:41:07 Status: offline 2020/11/27 14:30:06 (permalink) 5.2 0 My Fortigate 100D sometime block my application server and sometime allow it ???? I have a firewall fortigate 100D and a local application server 192.168.10.10 when to try to login to the application from the internet sometimes works and sometimes blocked by firewall policy !! how is that !! it should be blocked or allowed but sometimes blocked and sometimes allowed is a very strange , when it is allowed it used one of the policy rules ( Rule ID 5 ) , please let me know the reason for this , many customers complains that they cannot access the application and some of them can access , I checked the logs and can see the traffic is blocked from some customers and allowed for other ?? attach some pictures for the problem please guide me to the solution . Thanks again Attached Image(s) #1 4 Replies Related Threads
mmh2005 New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2020/11/26 15:41:07 Status: offline Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/28 11:19:36 (permalink) 0 my question in other words .. Why can I browse my application server from the internet when I use VPN software ( like VPN Express ) and I cannot browse the same server without this VPN connection from the same PC or mobile . need help #2
lobstercreed Platinum Member Total Posts : 360 Scores: 43 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 04:44:19 (permalink) 0 I'm rather confused by the inconsistent behavior you're describing, but I think it's worth pointing out that the destination interface on the screenshots you shared are "ssl.root" so it seems like you have the firewall trying to route that traffic out to an SSL-VPN user instead of the proper interface where the server is located (you didn't mention if it was DMZ or LAN or what). Perhaps you have a policy route that makes it work sometimes? #3
mmh2005 New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2020/11/26 15:41:07 Status: offline Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 07:34:00 (permalink) 0 Hi lobstercreed , Thanks for your answer, I noted what you are talking about that the firewall pointing out the destination interface as "SSL.root ", but the way the application server located in LAN and there is no DMZ, the firewall has only two interfaces connected to LAN and WAN. as I mentioned above the traffic is accepted by the firewall when I'm using any VPN application like VPN Express or Urban VPN from my PC and when I disconnect the VPN then I'm not able to connect to my application and got the same message in the firewall logs, also the policy ID that was blocking the traffic id policy ID = 0 which I think this is the global deny policy which blocking any traffic not mentioned in the rules created. please check the attached picture. please give me your opinion, I can send you a screenshot of the firewall rules. Thanks again... Attached Image(s) #4
lobstercreed Platinum Member Total Posts : 360 Scores: 43 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: offline Re: My Fortigate 100D sometime block my application server and sometime allow it ???? 2020/11/29 17:57:36 (permalink) 0 Well whatever the case, it appears your firewall is trying to route traffic destined for 192.168.10.10 to your SSL VPN and there is no policy allowing that. You should be able to resolve the undesired behavior when you fix your incorrect routing. #5

Jump to:

© 2021 APG vNext Commercial Version 5.5