Skip to main content
Tutek
Tutek
New Member
June 2, 2026
Question

Why "Web page blocked" is not displaying when website id blocked by dns profile?

  • June 2, 2026
  • 1 reply
  • 60 views

Hi,

according to this article:
 

webpages blocked by DNS-Profile should be redirected to FortiGate DNS block IP 208.91.112.55 and display a warning like this:

However in my config when I enter to category blocked on the DNS-Profile like “Games” then I have red certificate warning, the certificate is

issued by Fortiguard SDNS Blocked Page:

every clients PC have imported Fortigate_CA_SSL certificate in Trusted Root Certification Authorities store.

How to restore this blocked page when webpage is blocked by DNS-profile?

1 reply

Sheikh
Staff
Sheikh
Staff
June 2, 2026

Hello ​@Tutek,

This is expected behavior for HTTPS sites blocked by a DNS Filter profile.

DNS Filter redirects the request to the FortiGuard SDNS block page (208.91.112.55), but the browser expects a certificate for the original hostname (for example www.gry.pl,). Because the block page presents a different certificate, the browser displays a certificate warning instead of the standard "Web Page Blocked" page.

 - HTTP: Block page displays normally.
 - HTTPS: Certificate warning may appear before the block page.

Importing Fortigate_CA_SSL does not resolve the hostname mismatch.
For a seamless HTTPS block page, use Deep SSL Inspection with Web Filtering rather than DNS Filter redirection alone.

https://community.fortinet.com/fortigate-3/technical-tip-replacement-message-not-visible-for-all-websites-when-accessing-blocked-websites-by-web-filter-and-application-control-176510
 


https://docs.fortinet.com/document/fortigate/8.0.0/administration-guide/150448/troubleshooting-for-dns-filter

regards,

 

Sheikh

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.
    Terms & ConditionsAccessibility statement