abalachandran
Article Id 353066
Description This article describes the configuration required when FortiGuard web filter categories are set to 'Warning' in a WCCP setup between FortiGate and FortiProxy.
Scope FortiGate, FortiProxy.
Solution

This article assumes that a working WCCP setup between FortiGate and FortiProxy already exists. For reference, see: Technical Tip: WCCP between FortiGate and FortiProxy

When FortiGuard categories are set to 'Warning' in the web filter profile that FortiProxy uses for WCCP, FortiGate must forward client device traffic to port 8010 to FortiProxy for the FortiGuard block and override pages to work.

 

Required configuration:

On FortiGate:

  1. On the firewall policy with WCCP enabled, ensure that port 8010 is allowed.

 

From GUI:

 

image.png

 

From CLI:

 

image.png

 

  2. Create a custom entry to allow custom ports to be forwarded:

 

image.png

 

On FortiProxy:

  1. Add port 8010 under the WCCP settings:

 

image.png

 

The issue observed before making the changes above:

 

image.png

 

image.png

 

 

The user device runs into an error upon selecting 'Proceed' on the FortiGuard warning page.

 

After making the changes:

 

image.png

 

The site is reachable after selecting ‘Proceed’.
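
An added example, not part of the original article or any Fortinet tooling: a Python check that reads a FortiGate configuration backup and lists the WCCP-enabled firewall policies whose services do not allow TCP port 8010, the condition that breaks the 'Proceed' step described above. The sample configuration and the service name FGD-OVERRIDE are constructed for illustration; the built-in "ALL" service is treated as allowing the port, and service groups are not expanded.

```python
import shlex
# Constructed sample of a FortiGate config backup (not taken from the article).
SAMPLE = '''
config firewall service custom
    edit "HTTP"
        set tcp-portrange 80
    next
    edit "FGD-OVERRIDE"
        set tcp-portrange 8010
    next
end
config firewall policy
    edit 1
        set wccp enable
        set service "HTTP"
    next
    edit 2
        set wccp enable
        set service "HTTP" "FGD-OVERRIDE"
    next
end
'''

def parse_sections(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    out, stack, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":  # entering a top-level block drops any stale entry
            stack, entry = stack + [" ".join(tok[1:])], entry if stack else None
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            entry = out.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif tok[0] == "set" and len(stack) == 1 and entry is not None:
            entry[tok[1]] = tok[2:]
    return out

def covers(portranges, port):
    """True if any 'lo[-hi][:src-range]' item includes the destination port."""
    dst = (item.split(":")[0].partition("-") for item in portranges)
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in dst)

def wccp_policies_missing_port(text, port=8010):
    """IDs of WCCP-enabled policies whose services do not allow TCP `port`."""
    cfg = parse_sections(text)
    svc = cfg.get("firewall service custom", {})
    ok = lambda n: n == "ALL" or covers(svc.get(n, {}).get("tcp-portrange", []), port)
    return [pid for pid, pol in cfg.get("firewall policy", {}).items()
            if pol.get("wccp") == ["enable"] and not any(map(ok, pol.get("service", [])))]
```

A policy ID returned by `wccp_policies_missing_port` is one to review against step 1 of the FortiGate configuration; a policy that references only a service group will also be listed and needs a manual check.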