Skip to main content
aagrafi
aagrafi
New Member
January 31, 2018
Solved

Web filtering not working though Fortiguard is enabled

  • January 31, 2018
  • 1 reply
  • 33811 views

Hello,

 

I'm facing the following strange problem with web filtering in 5.6.3. Please notice that the problem appeared after I registered my FG to an FMG for testing purposes, but now FG is deregistered, however the problem persists.

 

So, it appears that web filtering is not blocking what it should block, and I see log messages saying "FortiGuard is enabled in the protection profile but the FortiGuard service is not enabled." and other messages saying:

no rating service is foundURL TypehttpsMessagePolicy allows URLs when a rating error occurs

 

Needless to say that Fortiguard is up and running, or at least it seems so in the system's dashboard. I did a check in System > Fortiguard > Filtering Services Availability and got a "Both web filter and antispam services are available".

 

Does anybody know what's going on here?

 

Thanks

    Best answer by dingjerry_FTNT

    This might be due to this Mantis Bug #451801

     

    Double check whether you have a system template applied with your FGT or not.

     

    If yes, double check whether "FortiGuard" widget is there or not. If yes, either enable it or delete it.

     

    If you leave the widget there, and don't check the option "Enable FortiGuard Security Updates", FMG will apply "antispam-force-off" and "webfilter-force-off" with "enable" setting.

    1 reply

    aagrafi
    aagrafiAuthor
    New Member
    January 31, 2018

    Here is some more information I gathered during my troubleshooting:

     

    diagnose debug rating: The service is not enabled :o

     

    config system fortiguard

      set webfilter-force-off enable :o

     

    Where the fuck did this command come from??? When I changed to enable, everything in web filtering worked fine.

     

    And why the did the dashboard or the Fortiguard GUI didn't show anything wrong? On the contrary, they showed me that the service was available... I'm pretty sure that the FMG caused all this mess, but I expect that the fortigate's GUI wouldn't fool me.

     

    I'm very much interested in having your experience to similar incidents.

     

    Thanks 

    dingjerry_FTNT
    Staff
    dingjerry_FTNTAnswer
    Staff
    April 10, 2018

    This might be due to this Mantis Bug #451801

     

    Double check whether you have a system template applied with your FGT or not.

     

    If yes, double check whether "FortiGuard" widget is there or not. If yes, either enable it or delete it.

     

    If you leave the widget there, and don't check the option "Enable FortiGuard Security Updates", FMG will apply "antispam-force-off" and "webfilter-force-off" with "enable" setting.

    Terms & ConditionsAccessibility statement