suzuye
New Member
December 17, 2024
Solved

About Fortigate WebFilter

  • December 17, 2024
  • 2 replies
  • 3507 views

WebFilter is blocking a lot of traffic to the following URL.

It looks like it's Microsoft traffic, but the category is (Uncategorized).

Is this a feature that FortiGate is designed to block?

 

http://48.210.69.87/filestreamingservice/files/xxxxxxxxxxxxxxxxxxx==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com 

("xxxxxxxxxxxxxxxxxxx" is a random string)

 

FortiOS 7.0.15


2 replies

dingjerry_FTNT
Staff
December 17, 2024

Hi @suzuye ,

 

Please check what category the URL belongs to here:

 

https://www.fortiguard.com/webfilter

 

I can see that "48.210.69.87" belongs to the "Not Rated" category (NOT Uncategorized).

 

You can submit a request to categorize this URL:

 

https://www.fortiguard.com/faq/wfratingsubmit?url=48.210.69.87

 

Meanwhile, you may check this KB article on how to override the web rating for the specific URL:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-web-rating-override-for-specific/ta-p/193384

 

suzuye
Author
New Member
December 17, 2024

Hi, dingjerry_FTNT

 

Thank you for the information.

I knew about the following request method.

https://www.fortiguard.com/faq/wfratingsubmit

 

I have made several requests using this method and they have been categorized, but the address part of "48.210.69.87" changes frequently.

At times, I have made requests 2-3 times in a week.

Is there no other way than to continue this process forever?

 

In addition, the address part changes frequently, and there seem to be various patterns for the "1D.tlu.dl.delivery.mp.microsoft.com" part, as shown below.

officecdn.microsoft.com
2.tlu.dl.delivery.mp.microsoft.com
tlu.dl.delivery.mp.microsoft.com

・
・
・

 

Thank you in advance.

dingjerry_FTNT
Staff
December 17, 2024

Hi @suzuye ,

 

My guess is that the IP 48.210.69.87 might belong to a shared server and not be under your control.

 

If so, you may not request recategorizing it. You may consider using the custom category or the static URL Filter to exempt it:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow-block/ta-p/193086

suzuye
Author (best answer)
New Member
December 26, 2024

Hi, dingjerry_FTNT

After monitoring the situation for a few days, it appears that some of the communications related to Microsoft are still being blocked. Since there are a large number of Microsoft-related addresses, it seems that the addresses that cannot be categorized in time are being blocked and displayed in the logs.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-allow-Windows-update-blocked-by-FortiGate/ta-p/274113

 

There are no issues such as the inability to perform Windows Update, but the logs become difficult to read, so I added the settings mentioned in the above URL.


After applying the settings, the logs have become easier to read.

I think this could be a feature that can be turned ON/OFF by default in the OS.
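
The log clutter described in this thread can also be triaged offline. The sketch below is an added example, not part of the thread or of Fortinet's tooling: it groups blocked web filter entries whose URL has an IP-literal host, the `/filestreamingservice/files/` path and a `cacheHostOrigin` value under the Microsoft names quoted above, and leaves every other blocked URL for review. The sample log lines and the key=value field names (`subtype`, `action`, `url`) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Origin names quoted in the thread; subdomains of them also match.
ORIGINS = ("tlu.dl.delivery.mp.microsoft.com", "officecdn.microsoft.com")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
ORIGIN_PARAM = re.compile(r"[?&]cacheHostOrigin=([^&\s]+)", re.I)
# Constructed sample lines; the key=value field layout is an assumption.
SAMPLE = '''\
date=2024-12-17 subtype="webfilter" action="blocked" url="http://48.210.69.87/filestreamingservice/files/AAAA==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com"
date=2024-12-17 subtype="webfilter" action="blocked" url="http://48.210.69.87/filestreamingservice/files/BBBB==&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com"
date=2024-12-17 subtype="webfilter" action="blocked" url="http://203.0.113.10/filestreamingservice/files/CCCC?P1=1&cacheHostOrigin=officecdn.microsoft.com"
date=2024-12-17 subtype="webfilter" action="blocked" url="http://198.51.100.7/filestreamingservice/files/DDDD==&cacheHostOrigin=tlu.dl.delivery.mp.microsoft.com.example.net"
date=2024-12-17 subtype="webfilter" action="blocked" url="http://unknown.example.org/login"
date=2024-12-17 subtype="webfilter" action="passthrough" url="http://www.example.com/"
'''

def parse_line(line):
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def delivery_origin(entry):
    """Claimed origin of an IP-literal delivery URL, or None."""
    url = entry.get("url", "")
    try:
        parts = urlsplit(url)
        ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return None  # host is not an IP literal
    if not parts.path.startswith("/filestreamingservice/files/"):
        return None
    m = ORIGIN_PARAM.search(url)
    origin = m.group(1).lower() if m else ""
    # The parameter is request-supplied: use it to group log lines only.
    ok = any(origin == o or origin.endswith("." + o) for o in ORIGINS)
    return origin if ok else None

def triage(log_text):
    noise, review = Counter(), []
    for entry in map(parse_line, log_text.splitlines()):
        if entry.get("subtype") != "webfilter" or entry.get("action") != "blocked":
            continue
        origin = delivery_origin(entry)
        if origin:
            noise[origin] += 1
        else:
            review.append(entry.get("url", ""))
    return noise, review
```

Because `cacheHostOrigin` is set by whoever sends the request, the grouping is for reading logs, and the lookalike origin in the fourth sample line lands in the review list rather than the noise count.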