Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Staff & Editor
Staff & Editor

Created on ‎12-08-2025 04:05 AM Edited on ‎12-09-2025 05:08 AM By Staff

Article Id 422163

Technical Tip: Web Filtering and Anti-Spam is down after upgrading to v7.4.7 when Anycast is enabled

Description This article describes the behaviour after firmware upgrade to v7.4.7, with Web Filtering and Anti-Spam filtering services when Anycast is enabled. 
Scope FortiGate v7.4.7.
Solution

By default, the FortiGuard filtering services use HTTPS on port 443, which also indicates that the use of Anycast is enabled.

 

After upgrading from v7.4.6 to v7.4.7, when FortiGuard filtering services are set to HTTPS on port 443 with Anycast enabled, the Web Filtering and Anti-Spam status shows down:

 

image (4).png

 

This has been identified as a known issue under engineering ticket: 01172647, and has been fixed in v7.4.10, v7.6.4 and v8.0.

 

Workaround which can be considered: 

  1. Disable anycast, and the Rating Servers will show up:

 

config system fortiguard

    set fortiguard-anycast disable

end

 

execute update-now

 

  1. Enable a Webfilter profile in firewall policy, then the rating servers show up as expected, even when Anycast is enabled.

 

image (6).png
151
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.