Skip to main content
KC_Cheong
KC_Cheong
New Member
December 29, 2008
Question

Web Filtering Unreachable

  • December 29, 2008
  • 8 replies
  • 51129 views
On my Fortigate 50B, under status for Web Filtering it was showing Unreachable. For both IPS and AntiVirus it show the Licensed and Expires dates. Any causes for Web Filtering show as Unreachable? btw the 50B Operation Mode was set as Transparent.

    8 replies

    abelio
    SuperUser
    abelio
    SuperUser
    December 29, 2008
    Hello and welcome, many possible causes; first and more obvious: browse menu System->Maintenance->FortiGuard Center -> Web Filtering and AntiSpam Options Is WF enabled there?
    KC_Cheong
    KC_CheongAuthor
    New Member
    December 30, 2008
    alright found out that if set to use port 8888 it work. The Default port 53 will give Unreachable problem.
    KC_Cheong
    KC_CheongAuthor
    New Member
    December 31, 2008
    Today I got these Web Filtering & AntiSpam Unreachable again !!! When using the " Test Availability" on either port 8888 or 53, it always show " DNS Error. Please check the DNS setting of the Firewall. I am pretty sure the DNS settings are correct - How come so unstable? btw already using the latest firmware 3.00-b0733(MR7 Patch 2)...
    abelio
    SuperUser
    abelio
    SuperUser
    January 1, 2009
    . I am pretty sure the DNS settings are correct - How come so unstable? btw already using the latest firmware 3.00-b0733(MR7 Patch 2)...
    Maybe the issue originates in another place. Check carfefully this articles in your network and against your Isp: http://kc.forticare.com/default.asp?id=1742 and http://kc.forticare.com/default.asp?id=1839 regards
    laf
    laf
    New Member
    December 31, 2008
    Post your dns settings: show system dns
    A
    Anonymous_User
    Contributor
    January 12, 2011
    the solutions is to not use the option override internal DNS from the external interface (for example wan1).
    Austin_M
    Austin_M
    New Member
    March 5, 2011
    Hi , There is an article in KB which suggests to use a higher range of ports to do the fortiguard updates as some ISPS block lower range source ports
    Phuoc_Ngo
    Phuoc_Ngo
    New Member
    March 19, 2012
    We experience this same issue and the root cause was that we have the IPSec policy with the destination set to ALL. This in turn route all Fortigate traffic to the IPSec tunnel.
    josh
    josh
    New Member
    November 1, 2017

    Phuoc Ngo wrote:
    We experience this same issue and the root cause was that we have the IPSec policy with the destination set to ALL. This in turn route all Fortigate traffic to the IPSec tunnel.

    I've been experiencing the same issue and can confirm this was the case. Source and destination on the VPN P2 config was set to 0.0.0.0/0. Regardless of setting source-IP on logging, etc. it would tunnel data over the IPSec interface "from the box". I find this odd, but I get it.

     

    Resolution is to not use any source/destination in IPSec P2 config. I'm running FortiOS 5.6.2 on one end and 5.4.1 on the other.

    Fullmoon
    Fullmoon
    New Member
    January 5, 2015

    KC Cheong wrote:
    On my Fortigate 50B, under status for Web Filtering it was showing Unreachable. For both IPS and AntiVirus it show the Licensed and Expires dates. Any causes for Web Filtering show as Unreachable? btw the 50B Operation Mode was set as Transparent.

    this issue occurred if you dont apply web filter profile in any policies.

    Terms & ConditionsAccessibility statement