dime
New Member
January 23, 2018
Question

Web filtering on Fortinet 90D

  • January 23, 2018
  • 2 replies
  • 24133 views

Hi all

We used to have a web filter in place for one of our clients which stopped them accessing YouTube etc. They have since decided they want this turned off, which we have done from the web interface; however, they are still unable to access YouTube. I'm new to looking at firewalls etc. Do we need to perform a restart in order for the firewall to pick this change up? I've had a look within Application Control and video/audio is allowed, so I'm a little bit confused as to where this is now being blocked from. Any help would be gratefully received.

Thanks

Josh

    2 replies

    ede_pfau
    SuperUser
    January 23, 2018

    Hi,

    There might be a chance that there are still old sessions continuing even after you've changed the webfilter setting. A reboot of the FGT will clear all sessions of course, and it will clear up possible memory issues etc. I'd try that first, preferably at night/low-traffic periods.

    dmcquade
    New Member
    January 24, 2018

    If the firewall is blocking access, there are unlikely to be any open sessions. I'd start by logging all traffic on the rule and review each security profile applied to the rule that allows this traffic. Chances are the forward traffic log will tell you something about what is causing the block. Are there any block messages displayed? If so, it should say somewhere on the page why it is being blocked, i.e. Webfiltering, Application Control, IPS, etc.

    HTH

    d
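
A sketch of the log review suggested in the reply above, as an added example that is not part of the original posts: it parses key=value log lines and counts which log type/subtype, policy and profile recorded a block for a given hostname. The sample lines are constructed for illustration, and the set of action values treated as blocking is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS-style key=value format (not from the thread).
SAMPLE_LOG = """\
date=2018-01-24 time=09:12:01 type="utm" subtype="webfilter" eventtype="ftgd_blk" policyid=3 srcip=192.0.2.10 hostname="www.youtube.com" profile="default" action="blocked" msg="URL belongs to a denied category in policy"
date=2018-01-24 time=09:12:05 type="utm" subtype="app-ctrl" policyid=3 srcip=192.0.2.10 hostname="www.example.com" app="HTTP.BROWSER" action="pass"
date=2018-01-24 time=09:12:09 type="traffic" subtype="forward" policyid=0 srcip=192.0.2.11 dstip=198.51.100.7 action="deny"
date=2018-01-24 time=09:13:40 type="utm" subtype="webfilter" eventtype="ftgd_blk" policyid=3 srcip=192.0.2.12 hostname="m.youtube.com" profile="default" action="blocked" msg="URL belongs to a denied category in policy"
"""

# key=value pairs; a value is either double-quoted (may hold spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: action values that mean the traffic was stopped.
BLOCKING = {"blocked", "block", "deny", "dropped", "reset"}


def parse_line(line):
    """Turn one key=value log line into a dict of field name -> value."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def summarize_blocks(log_text, host=None):
    """Count blocking entries per (type/subtype, policyid, profile).

    If host is given, only entries whose hostname field contains it are counted.
    """
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") not in BLOCKING:
            continue
        if host and host not in rec.get("hostname", ""):
            continue
        source = f'{rec.get("type", "?")}/{rec.get("subtype", "?")}'
        hits[(source, rec.get("policyid", "?"), rec.get("profile", "-"))] += 1
    return hits


if __name__ == "__main__":
    for (source, policy, profile), n in summarize_blocks(SAMPLE_LOG, "youtube").most_common():
        print(f"{n} block(s) from {source}, policy {policy}, profile {profile}")
```

Grouping by subtype, policy and profile shows at a glance whether the block comes from a web filter profile still attached to the policy or from another security profile.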

    ede_pfau
    SuperUser
    January 24, 2018

    And as usual, 'diag debug flow' is your friend... the end to speculation.

    bbrown
    New Member
    February 20, 2018

    Wow and this goes unanswered. I have a similar problem with a 60E device.

    ede_pfau
    SuperUser
    February 22, 2018

    As with quite a few threads, the OP hasn't followed up. Perhaps we'll never know what his/her solution was.

    It may be a config error, some other UTM (AppControl), routing, policies, wrong custom service, ... working on such thin ice can be frustrating at times. And usually will not yield a solid answer ('shit in, shit out').