Transparent Mode- WebFiltering has been block

What log entries appear after enabling transparent mode? Do you have a default gateway set on the FortiGate that still allows access to FortiGuard?

What firmware version are you running?

On the GUI, what is the license status from the FortiGate's perspective? Do all services show as registered?

Run 'diag debug rating' to check whether a list of web filtering servers was successfully returned, and 'diag auto ver' to check the results of the last FortiGuard update.

If you are using port 53 (default) for FGD updates, consider using port 8888 and test again (this can be changed under System > Config > FortiGuard).

Thank for your answer i will change port53 to 8888 try in FTG but i still wonder in fortigate cannot ping to internet so how can FTG update when change port to 8888.

Our Version is v5.0,build0271 so we need to update to 5.2....  or not.

Best Regard,

Ok now Web Filtering is enabled for use and also can use FortiGuard, but i wonder when i use FortiGuard Category i only block Proxy avoidance then after apply policy all website have been block don't know why ?

Please help me fix this issue thank!!!!

Are you using the FortiGate as an explicit proxy for any internal hosts?

We closed that loophole recently, but up until now, you could block proxy avoidance as a category or an IPS signature while performing explicit proxy, which contradicts itself and causes traffic to fail.

Hi!

I am not use Expicit Proxy i am use only proxy web filtering and i block as category for internal host, if i block manual as URL Filtering there are no problem, but after enable FortiGuard is block all website so i need to use explicit proxy one more right and please guide me to do that thank. 

If all sites are being blocked after enabling FortiGuard, I wonder if there are still issues for the FortiGate to reach FortiGuard in time, or at all.

Could you provide some sample log entries for blocked sites, a screenshot of a client browser and the message received when a site is blocked, as well as the output from 'diag debug rating' and 'diag autoupdate status'?

Try temporarily allowing websites with a rating error and troubleshoot what looks like a very poor connection to FortiGuard servers. The server list could be resolved by DNS, but it looks like most/all servers are unreachable. Are any upstream devices blocking the traffic on port 53 or 8888?

The webfilter profile setting would be "Allow Websites When a Rating Error Occurs".