Skip to main content
FotTil
FotTil
New Member
February 1, 2026
Question

FortiDeceptor Web Filtering Problem

  • February 1, 2026
  • 3 replies
  • 194 views

Hello Fortinet community,

 

We are facing a problem right now, trying to connect our FortiDeceptor physical appliance (v6.1.0) to FortiGuard web filtering Server through our proxy. Specifically:

 

Failed to verify web filter server: Error happened when verifying FDN/WF server (154.52.24.78:443) ce
rtificate: 'NoneType' object has no attribute 'splitlines'

 

As far as I understand, there seems to be a problem with SSL certificate. How could I proceed further?

 

Thanks in advance.

3 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
February 4, 2026

Hello FotTil, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
February 5, 2026

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
February 6, 2026

Hello again FotTil,

 

I found this answer. Can you tell us if it helps, please?

 

To address the issue you're facing with connecting your FortiDeceptor appliance to the FortiGuard web filtering server, follow these troubleshooting steps:

 

1. Verify SSL Certificate

The error message indicates a problem with the SSL certificate verification. Here are some steps to troubleshoot:

  • Check SSL Inspection: Ensure that SSL inspection is not being performed on the traffic between your FortiDeceptor and the FortiGuard server. SSL inspection can alter the server certificate, leading to verification failures.

  • Certificate Chain: Verify that the complete certificate chain is trusted by your FortiDeceptor. You may need to import the necessary root and intermediate certificates into the FortiDeceptor's trusted certificate store.

2. Proxy Configuration

Since you are using a proxy, ensure that the proxy settings are correctly configured:

  • Proxy Type: Confirm that the correct proxy type is selected (HTTP Connect, SOCKS v4, or SOCKS v5).

  • Credentials: Ensure that the proxy username and password are correctly configured if authentication is required.

3. Network Configuration

Check the network configuration to ensure that the FortiDeceptor can reach the FortiGuard server:

  • Firewall Rules: Verify that there are no firewall rules blocking the connection to the FortiGuard server IP (154.52.24.78) on port 443.

  • Port and Protocol: Consider changing the FortiGuard port to 8888 and the protocol to UDP, as suggested in the troubleshooting context.

4. Packet Capture and Logs

Perform a packet capture to analyze the SSL handshake process:

  • Sniffer Command: Use the sniffer command to capture packets and verify the SSL handshake. For example:

    diagnose sniffer packet any 'host 154.52.24.78' 6 0 l

 

  • Logs: Check the FortiDeceptor logs for any additional error messages or clues.

5. Adjust TCP MSS

If there is a possibility of MTU issues, consider adjusting the TCP MSS on the WAN interface:

 

config system interface edit wan  # Replace 'wan' with your actual WAN interface name set tcp-mss 1350  # Adjust as necessary end

 

Final Steps

  • Test Connection: After making changes, use the "Test Connection" feature to verify connectivity to the FortiGuard server.

  • Apply Changes: Ensure that all changes are applied and saved.

 

If the issue persists after following these steps, consider reaching out to Fortinet Support for further assistance.

Jean-Philippe - Fortinet Community Team
Terms & ConditionsAccessibility statement