This article describes how to resolve the issues with 'web filter block override' and 'invalid FortiGuard filtering override request'.
Scope
FortiGate.
Solution
Configure the FortiGate to use local/custom categories and/or to use FortiGuard categories.
The FortiGate uses some ports to communicate with FortiGuard to validate/verify each category.
Sometimes, the Internet browser shows a message like this:
'Web filter block override' / 'invalid FortiGuard filtering override request' is shown because the website is using a port configured in the FortiGate to connect with FortiGuard only for 'web rating override'.
These ports are as follows:
- Port 8008 is used by the FortiGate to authenticate with FortiGuard when a http override request occurs (FortiGuard web filter http override authentication).
- Port 8010 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs (FortiGuard web filter https override authentication).
- Port 8015 is used by the FortiGate to authenticate with FortiGuard when a https override request occurs in flow mode (FortiGuard web filter https override authentication).
- Port 8020 is used by the FortiGate for FortiGuard web filter warning authentication.
The solution, in these cases, is to disable these ports or to change the ports.
Configure at least a port not used by the FortiGate (example: change 8008 by 9008, or 8010 by 9010, or 8020 by 8030).
Example to disable the ports:
config webfilter fortiguard
set close-ports enable
end
Example to change the ports:
config webfilter fortiguard
set ovrd-auth-port-http 8008
set ovrd-auth-port https 8010
set ovrd-auth-port-https-flow 8015
set ovrd-auth-port-warning 8020
end
Change:
config webfilter fortiguard
set ovrd-auth-port-http 9008
set ovrd-auth-port https 9010
set ovrd-auth-port-https-flow 9015
set ovrd-auth-port-warning 9020
end
Related articles
