FortiClient Webfilter blocks legitimate webtraffic because "unknown"

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Hi,

Sorry, we're still trying to get you an answer or reply. In the meantime, if anyone viewing this topic has a possible answer, your input is welcomed.

Hello Stephen

Many thanks for your response.

If you need any logs or something similar, please let me know.

I assume, for some reason, FortiClient cannot reach FortiGuard services, but I dont know good techniques to test that properly. The only thing I have tried is reaching fortiguard.net and it was at least possible to resolve this FQDN to IP. Do you have any suggestions on what I could try to troubleshoot that properly?

Thanks!

Sorry this is taking a while, coregonus. I take it you have consulted this article/doc? https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-Web-Filtering-rating/ta-p/219265

Hello Stephen, thanks for the link above, where its pointed out that fgd1.fortigate.com specifically needs to be reachable. The next time one of the users will report that issue, I'm going to check, if this URL fgd1.fortigate.com is reachable. What I often miss in FortiClient is some sort of health status page, where I could shortly check basics like:

• Is this FortiGuard service reachable and correctly connected?

This would make life much easier, at the moment it is just guessing. Maybe the computer itself can ping FortiGuard services, but FortiClient maybe still cannot correctly connect to it. In these situations I'm almost completely blind. Then I need to export FortiClient debug log, where most of the information is not clear to me what it means. If I could raise a feature request, it would be for sure this one: health status for FortiClient :) would save you a lot of work too, if clients would not raise incident tickets for basic problems. Thanks!