Skip to main content
defsdefs12
defsdefs12
Explorer
October 26, 2024
Question

FortiGate WebFilter Issue

  • October 26, 2024
  • 7 replies
  • 10422 views

Hi guys, 

 

We would like to seek similar encountered issue and how did you guys resolve this. We're currently encountering an issue regarding our Web Filter as wherein all access going through internet policies with Web Filter encountered web rating error occured. Had to create a temporary policy without added WebFilter Profile however this impose risks. 

 

What should be the workaround for this one for it to work properly again? Suggestions are highly appreciated. Thank you in advance. 

7 replies

js2
Staff
js2
Staff
October 26, 2024

Hi defsdefs,

 

Check the web-filter license status.

Go to Security Profiles -> Web Filter, select the Profile to use, and under 'Rating Options' enable 'Allow Websites When a Rating Error Occurs'.

 

You can refer on this article:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-Page-Blocked-with-An-error-occurred/ta-p/191998

SATNOC
SATNOC
New Member
October 26, 2024

Good morning,

there is no licensing problem ! On the 400E the problem is present. On the 100E - 60F-61E there is no problem.

lrazmadze
lrazmadze
New Member
October 26, 2024

are webfilter and antispam services down? 

 

 

WhatsApp Image 2024-10-26 at 10.17.16_1be51574.jpg

js2
Staff
js2
Staff
October 26, 2024

Hi lrazmadze,

 

Yes the services are down. You can verify on changing the port to UDP 8888 or 53.

Refer on this below article:

 https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGuard-Web-Filtering-problems/ta-p/196965

 

dvandermeij
dvandermeij
New Member
October 26, 2024

I had the same issue at 2 of the 4 firewalls I'm managing. Don't know if it was coincidence, but it started working again after I disabled the anycast on those firewalls. That was already disabled on the other 2 working firewalls.

 

# config system fortiguard
    set fortiguard-anycast disable  

    defsdefs12
    defsdefs12Author
    Explorer
    October 26, 2024

    What is the FGT version for your devices having an issue? Does this have a bearing? We're currently at v7.2.7 

     

    Or this is reachability of our public to FGT DNS/Filtering Servers

    dvandermeij
    dvandermeij
    New Member
    October 26, 2024

    7.2.8 and 7.2.10; both located in the Netherlands.

      Michael-HPGR
      Michael-HPGR
      Visitor III
      October 26, 2024

      Hello, 

      I have the same issue; I temporarily disabled the Webfilter until they resolve it. There should be an announcement for such problems.

        connectbv
        connectbv
        Visitor III
        October 26, 2024

        This morning I had the same problem on three devices. Turned it off on the UTM profiles and everything worked. Do we have a solution for this problem?

          Michael-HPGR
          Michael-HPGR
          Visitor III
          October 26, 2024

          There are users working, so I’ll try late at night. In any case, support needs to look into the issue because I see that many devices are having problems.

          sokolisko
          sokolisko
          New Member
          October 26, 2024

          Hi, the same problem in Poland. I have to disable web filtering on firewall policys.

          Do you know when this will be fixed?

           

          Michael-HPGR
          Michael-HPGR
          Visitor III
          October 26, 2024

          I haven’t tried it yet, but I think it’s been fixed. If you’re still experiencing issues, go to Policy & Objects --> Firewall Policy --> edit your outgoing policy and disable Web Filter.

           

          security_profiles.png

           

           

           

           

           

          dkochhar
          Staff
          dkochhar
          Staff
          October 26, 2024

          @connectbv do you have fortiguard-anycast disable or enabled in your config ?
          You can check it through following:

          #config system fortiguard
          #show full | grep anycast

          connectbv
          connectbv
          Visitor III
          October 26, 2024

          Now I looked immediately and got this result. But I noticed that the FortiGuard service is currently UP. 

           

          fg1.pngfg2.png

          vbandha
          Staff
          vbandha
          Staff
          October 26, 2024

          @defsdefs12 

          Please try to change the fortiguard settings to these:

           

          config system fortiguard

          set fortiguard-anycast disable

          set protocol udp

          set port 53

          set sdns-server-ip 208.91.112.220

          set source-ip <WAN IP>

          end

           

          https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-connect-to-FortiGuard-servers/ta-p/226149

           

          If you are using SD WAN then make sure this setting is configured:

          config system fortiguard

          set interface-select-method sdwan

          end

           

          After that check the fortiguard connectivity using this command:

          di deb rating

           

          If you are still having issue you can configure the webfilter to allow traffic when rating error occurs until the issue is resolved:

          https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-Page-Blocked-with-An-error-occurred/ta-p/191998

           

          Regards,

          Varun

          Terms & ConditionsAccessibility statement