Enveloc
New Member
March 28, 2018
Question

Some websites blocked, others not - web filtering feature disabled

New user of FortiGate hardware here, so we are just trying to set this thing up right now. Have it attached to a standalone workstation with no web access (because we are going to replace our current gateway/router with this one).

 

As I said, the web filtering feature is disabled on the firewall, but certain websites are being blocked while others are not.

For example: Amazon.com cannot be reached and the error makes no sense to me.

 

We will worry about fine level tuning and blocking later. For now, I need to be able to get to ANY website from any PC on our network. Any suggestions?

    7 replies

    Toshi_Esumi
    SuperUser
    March 28, 2018

    How are you testing web filtering, or no web filtering, with "no web access" you mentioned first?

    Enveloc
    Author
    New Member
    March 28, 2018

    I have it configured to replace our current gateway/router, but I can only connect it to the network temporarily (replacing the existing one) for testing since it is NOT the gateway yet. When I plug it in, I go to my workstation and test connectivity. Email works, RDP works and many websites open with no issue. However, Amazon and Facebook (for example) do not. I can't tell the exact error I get right now because I can't do the swap during the middle of the day.

     

    Hopefully after 2pm I can try again and I will get the actual error.

    rwpatterson
    New Member
    March 28, 2018

    Enveloc wrote:
    ...For example: Amazon.com cannot be reached and the error makes no sense to me...

     

    For starters, what is the error message?

    Enveloc
    Author
    New Member
    March 28, 2018

    I get one error in Chrome and a different one in MS Edge. I would post screenshots but apparently that is not supported here; you can only post URLs for pictures from the web.

     

    Anyway, Edge says:

    This site is not secure
    This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.

    Go to your Start page
    Details
    Your PC doesn’t trust this website’s security certificate.

    Error Code: DLG_FLAGS_INVALID_CA

    Because this site uses HTTP Strict Transport Security, you can’t continue to this site at this time.

     

     

    Chrome says: An application is stopping Chrome from safely connecting to this site.

    "Fortinet" wasn't installed properly on your computer or the network

     

    Try uninstalling or disabling "fortinet"

    Try connecting to another network

     

    NET::ERR_CERT_AUTHORITY_INVALID

     

    Then, under "advanced," it says: "Fortinet" isn't configured correctly. Uninstalling "fortinet" usually fixes the problem.

    Applications that can cause this error include Anti-virus, Firewall and web-filtering or proxy software.

     

     

    I have not installed ANY software along with this firewall and do not have "Fortinet" installed or otherwise present to my knowledge. And this would make no sense if other websites display with no issues.

     

    metz_FTNT
    Staff
    November 19, 2019

    The error means the same - your browser doesn't trust the CA which signed the SSL certificate. The first thing you should check is the issuer of the presented certificate. In Chrome, and similarly in all browsers, simply click the padlock in the address bar and look for the certificate "issuer".

    If you see Fortinet as the issuer, that means the FortiGate is re-signing the certificate and acting as a man-in-the-middle. Maybe you have a deep-inspection profile applied, or the FortiGate is trying to redirect you to an authentication page or deliver some replacement message which requires traffic decryption; there might be many reasons, depending on your configuration.
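
Added example (not part of any reply in this thread): a Python sketch of the issuer check described in the answer above, reading the certificate a host actually presents and reporting its issuer O/CN instead of relying on the browser's padlock dialog. The function names and the `fortinet` marker default are assumptions made for this example; validation is disabled only so that an untrusted certificate can still be inspected.

```python
import socket, ssl

# Example code added in editing; names are hypothetical, not a Fortinet tool.
# DER-encoded attribute OIDs: 2.5.4.3 (commonName), 2.5.4.10 (organizationName)
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O"}

def tlv(buf, pos):
    """Read one DER element; return (tag, content_start, content_end)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def issuer_fields(der):
    """Return the issuer's O and CN from a DER-encoded X.509 certificate."""
    _, pos, _ = tlv(der, 0)              # Certificate
    _, pos, _ = tlv(der, pos)            # tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                      # optional [0] version (absent in v1)
        pos = end
    for _ in range(2):                   # skip serialNumber, signature algorithm
        _, _, pos = tlv(der, pos)
    _, pos, name_end = tlv(der, pos)     # issuer Name
    out = {}
    while pos < name_end:
        _, rdn, pos = tlv(der, pos)      # RDN SET; pos moves to the next RDN
        _, atv, _ = tlv(der, rdn)        # AttributeTypeAndValue
        _, o1, o2 = tlv(der, atv)        # attribute type OID
        _, v1, v2 = tlv(der, o2)         # attribute value string
        key = OIDS.get(der[o1:o2])
        if key:
            out[key] = der[v1:v2].decode("utf-8", "replace")
    return out

def presented_cert(host, port=443):
    """Fetch the leaf certificate as DER without validating it (inspection only)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=5) as s:
        with ctx.wrap_socket(s, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def resigned_by(der, marker="fortinet"):
    """True if the issuer O or CN contains marker (case-insensitive)."""
    f = issuer_fields(der)
    return marker in f"{f.get('O', '')} {f.get('CN', '')}".lower()
```

Call `issuer_fields(presented_cert("www.example.com"))` (placeholder host) from a PC behind the firewall and again from an outside network; a different issuer on the inside means the gateway is re-signing that site's traffic.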

    Enveloc
    Author
    New Member
    March 28, 2018

    Forgot to mention this is a 60E.

    pyy
    New Member
    March 28, 2018

    Hi, try to lower your WAN interface MTU (1462), especially if you are using a PPPoE or xDSL connection,

    and disable full SSL inspection if it is enabled.

    Best regards,
    pyy

    Ranga
    New Member
    October 10, 2018

    Typically webfilter would not allow traffic through by default if the license had expired on it. You can verify the license using "get webfilter status". Even though ICMP is allowed, web traffic may not be allowed.

    You can try turning off all UTM features so Fortinet will operate without nextGen features.

    Oni1Kenobi
    New Member
    November 22, 2022

    Yeah, this link didn't work for me either. Any updates on the fix?

    procurement
    New Member
    December 12, 2022

    I was running 6.4.6 on a 61F when this happened to us. I updated to the 7.0 branch and everything seems fine.

    sshinde
    Staff
    June 30, 2023

    What is the ultimate solution to this issue?

    imuscleupcarat
    Visitor III
    March 27, 2024

    Hi @Enveloc & @metz_FTNT,

    Can you share how this was resolved?

    Experiencing the same now.