Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiDAST 25.3.0 User Guide
    25.3.0
    25.4.0
    25.3.0
    25.2.a
    25.2.0
    25.1.0
    24.4.0
    24.3.a
    24.3.0
    24.2.0
    24.1.0
    23.4.0
    23.3.a
    23.3.0
    23.2.0
    23.1.a
    23.1.0

    FortiDAST Proxy Troubleshooting FAQs

    FortiDAST Proxy Troubleshooting FAQs

    My internal target is up, but Authorization is still failing. What could be the issue?

    Check if the Proxy Icon on the Scans Overview page is red. This indicates the proxy tunnel is not up. Bring up the proxy server container and try to authorize again once the proxy icon turns green. If the proxy is up but authorization still fails, make sure to whitelist the FortiDAST IP (35.222.40.56) in your firewall if you have any geo-restrictions enabled.

    FortiDAST Proxy shows up in the UI, but my scan is failing. What could be the issue?

    Ensure the target application is reachable from the FortiDAST proxy server Docker container. Check if you can curl the target URL from the proxy server Docker instance and receive a 200 OK response. If curl fails, check if HTTP/HTTPS communication is allowed between the proxy server Docker container and the target server.

    docker exec -it <containerid> /bin/sh

    curl -v <targeturl>

    My FortiDAST Proxy server container is not coming up. What could be the issue?

    Check the Docker logs of the container:

    docker logs <containerid>

    One reason could be if you are using an older version of the YAML file and have generated a new privileged API key in DAST settings. In that case, you will see a key not matching error similar to:

    Connection failed: {"Status":"Unauthorized access - key not matching"}

    Download the new YAML file again from the DAST Proxy section in the scan configuration page. Another reason could be an issue with the proxy server Docker image or a version mismatch. Pull the latest image from the FortiDAST registry: registry.fortidast.forticloud.com.

    My FortiDAST Proxy and targets are up, but I am seeing "Internal error encountered during scan. Please check logs or contact tech support."

    Check if your target application can handle multiple concurrent requests from FortiDAST. If any rate limits are configured in your WAF/firewall, it can lead to such failures. Whitelist the FortiDAST IP in your WAF/firewall.

    You can perform a small test using the Apache HTTP server benchmarking tool (https://httpd.apache.org/docs/2.4/programs/ab.html) on your target application to see if any failures occur.

    ab -n 1000 -c 100 http://<targeturl>

    This sends 1000 requests to the target URL with 100 concurrent requests. If you see any failures, check your WAF/firewall logs to determine if any rate limits are configured and if the FortiDAST IP is whitelisted.

    My FortiDAST Proxy scan was running fine but aborted with the error "Proxy server no longer running, Terminating scan."

    This can happen due to an issue with the proxy server not responding or network connectivity issues between the FortiDAST cloud and the proxy server, which can lead to the tunnel going down. Check for any network connectivity issues on your proxy server machine or any issues with the DAST Proxy Docker container.

    Previous
    Next

    FortiDAST Proxy Troubleshooting FAQs

    FortiDAST Proxy Troubleshooting FAQs

    My internal target is up, but Authorization is still failing. What could be the issue?

    Check if the Proxy Icon on the Scans Overview page is red. This indicates the proxy tunnel is not up. Bring up the proxy server container and try to authorize again once the proxy icon turns green. If the proxy is up but authorization still fails, make sure to whitelist the FortiDAST IP (35.222.40.56) in your firewall if you have any geo-restrictions enabled.

    FortiDAST Proxy shows up in the UI, but my scan is failing. What could be the issue?

    Ensure the target application is reachable from the FortiDAST proxy server Docker container. Check if you can curl the target URL from the proxy server Docker instance and receive a 200 OK response. If curl fails, check if HTTP/HTTPS communication is allowed between the proxy server Docker container and the target server.

    docker exec -it <containerid> /bin/sh

    curl -v <targeturl>

    My FortiDAST Proxy server container is not coming up. What could be the issue?

    Check the Docker logs of the container:

    docker logs <containerid>

    One reason could be if you are using an older version of the YAML file and have generated a new privileged API key in DAST settings. In that case, you will see a key not matching error similar to:

    Connection failed: {"Status":"Unauthorized access - key not matching"}

    Download the new YAML file again from the DAST Proxy section in the scan configuration page. Another reason could be an issue with the proxy server Docker image or a version mismatch. Pull the latest image from the FortiDAST registry: registry.fortidast.forticloud.com.

    My FortiDAST Proxy and targets are up, but I am seeing "Internal error encountered during scan. Please check logs or contact tech support."

    Check if your target application can handle multiple concurrent requests from FortiDAST. If any rate limits are configured in your WAF/firewall, it can lead to such failures. Whitelist the FortiDAST IP in your WAF/firewall.

    You can perform a small test using the Apache HTTP server benchmarking tool (https://httpd.apache.org/docs/2.4/programs/ab.html) on your target application to see if any failures occur.

    ab -n 1000 -c 100 http://<targeturl>

    This sends 1000 requests to the target URL with 100 concurrent requests. If you see any failures, check your WAF/firewall logs to determine if any rate limits are configured and if the FortiDAST IP is whitelisted.

    My FortiDAST Proxy scan was running fine but aborted with the error "Proxy server no longer running, Terminating scan."

    This can happen due to an issue with the proxy server not responding or network connectivity issues between the FortiDAST cloud and the proxy server, which can lead to the tunnel going down. Check for any network connectivity issues on your proxy server machine or any issues with the DAST Proxy Docker container.

    Previous
    Next