Description
This article describes how to allow users to access the internet when a rating error occurs.
Indeed, an error may occur whilst trying to rate a particular web filtering service which results in the user seeing a 'Web Page Blocked' message when accessing the internet.
This may be caused by:
- An issue about the rating of the FortiGuard Web Filtering feature.
- The expiration of the Web Filtering license.
Scope
Web Filtering.
Solution
To allow users to access the internet is presented here for FortiOS v5.2 and v5.4.
This will allow users to access the websites when a rating error occurs and will allow the FortiGate unit to use the FortiGuard Web Filtering database that it has stored on the unit to rate the website.
This is applicable even if the FortiGuard Web Filtering license has expired but it will not allow access to the latest update from the FortiGuard service
In FortiOS, go to Security Profiles -> Web Filter, select the required Web Filter profile, go to Rating Options, and enable 'Allow Websites When a Rating Error Occurs'
Note: In recent firmware versions, the option will look like the following:
On FortiOS 6.4 and later, 'Fortiguard-anycast' can be disabled, and the protocol and port can be set to UDP and port 8888.
Change the FortiGuard settings as follows when a rating error occurs:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
end
