Skip to main content
sharpal
sharpal
Visitor III
October 31, 2025
Question

Webfilters not working and unable to see network logs from clients

  • October 31, 2025
  • 3 replies
  • 630 views
  • I need a help to send outbound connection requests logs to EMS from all the endpoint clients installed in my company devices.
    Also even thought added rules to block rules in the list it's not blocking the traffic.

3 replies

funkylicious
SuperUser
funkylicious
SuperUser
October 31, 2025

hi,

can you share more info about what you've configured in EMS ?

is it a Web Filter profile assigned to clients which contains the webfilter plugin for Chrome and FIrefox or something else?

"jack of all trades, master of none"
    sharpal
    sharpalAuthor
    Visitor III
    October 31, 2025

    Hi, not sure what plugin you are talking about. I've just enabled the WF in EMS and all client side I can see it's showing webfiltering enabled. Anything else I should explicitly setup.

    Do you have document or can help with the following logging task.

    I want to install the forticlient on all the systems and want to push netwokr request logs to EMS. E.g. Target IP, Port and doamin (optional).

    sharpal
    sharpalAuthor
    Visitor III
    October 31, 2025

    Attaching ss for your ref.
    Screenshot from 2025-10-31 13-09-11.pngScreenshot from 2025-10-31 13-09-18.pngScreenshot from 2025-10-31 13-09-25.png

    funkylicious
    SuperUser
    funkylicious
    SuperUser
    October 31, 2025

    awesome.

    i assume that this Web FIlter profile is assigned to a Endpoint Policy and in the All Endpoints you can see the Web Filter events tab when selecting an endpoint.

    make sure that in Endpoint Profiles > System Settings > in the Log tab you have Web Filter enabled.

    "jack of all trades, master of none"
      sharpal
      sharpalAuthor
      Visitor III
      October 31, 2025

      yeah on client I can see web filter enabled and inside log tab also it's enabled.

      sharpal
      sharpalAuthor
      Visitor III
      October 31, 2025

      Also what about the curl or wget kind of requests? I want to log all the network logs not just the blocked one? 

      Also how to configure blocked site? That is also not working.

      funkylicious
      SuperUser
      funkylicious
      SuperUser
      October 31, 2025

      i dont think FortiClient/EMS was meant to monitor and block traffic that isnt from a browser initiated, like you are describing.

      it appears that from what you need is that a FortiGate to handle/reach this traffic and in it you can block/log it.

      "jack of all trades, master of none"
        sharpal
        sharpalAuthor
        Visitor III
        October 31, 2025

        Could you please help me setup this fortigate?

        Also the forticlient EMS can handle normal browser traffic write. can you see why atleast that is not working here?

        Terms & ConditionsAccessibility statement