A webpage accessed over port 8008, 8010, or 8020 is not displayed and the connection times out.
Parts of a webpage that redirect traffic in order to display elements from another page that uses these ports also fail to display.

This article explains why this happens and how to resolve it.


This happens when a Web Filter profile is applied to the firewall policy that controls this traffic.
Web Filter uses these ports to consult FortiGuard on override authentication.

8008: The port to use for FortiGuard Web Filter HTTP override authentication.
8010: The port to use for FortiGuard Web Filter HTTPS override authentication.
8020: The port to use for FortiGuard Web Filter Warning override authentication.

To correct this issue, change the conflicting override authentication port to any other port in the CLI. In the session below, the HTTPS override port is changed from 8010 to 8011.

FG # config webfilter fortiguard
FG (fortiguard) # show full
config webfilter fortiguard
    set cache-mode ttl
    set cache-prefix-match enable
    set cache-mem-percent 2
    set ovrd-auth-port-http 8008
    set ovrd-auth-port-https 8010
    set ovrd-auth-port-warning 8020
    set ovrd-auth-https enable
    set warn-auth-https disable
    set close-ports disable
    set request-packet-size-limit 0
    set ovrd-auth-hostname ''
    set ovrd-auth-cert "Fortinet_Firmware"

FG (fortiguard) # set ovrd-auth-port-https 8011
FG (fortiguard) # end
FG #
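
An added example, not part of the original article or Fortinet's tooling: a Python check that parses a saved configuration and reports which web application ports collide with the Web Filter override authentication ports. The sample configuration is a constructed excerpt of the output above, and the application port inventory is hypothetical.

```python
import re

# Constructed sample: an excerpt of the 'show full' output from this article.
SAMPLE_CONFIG = """\
config webfilter fortiguard
    set cache-mode ttl
    set ovrd-auth-port-http 8008
    set ovrd-auth-port-https 8010
    set ovrd-auth-port-warning 8020
    set close-ports disable
end
"""

# Matches only the three override authentication port settings.
SET_RE = re.compile(r"^\s*set\s+(ovrd-auth-port-(?:http|https|warning))\s+(\d+)\s*$")


def override_ports(config_text):
    """Return {setting: port} from the 'config webfilter fortiguard' block."""
    ports, in_block = {}, False
    for line in config_text.splitlines():
        stripped = line.strip()
        # endswith() tolerates a CLI prompt in front of the command.
        if stripped.endswith("config webfilter fortiguard"):
            in_block = True
        elif in_block and stripped == "end":
            in_block = False
        elif in_block:
            match = SET_RE.match(line)
            if match:
                ports[match.group(1)] = int(match.group(2))
    return ports


def find_conflicts(config_text, app_ports):
    """List (port, setting) pairs where a port used by a web application
    is also reserved for Web Filter override authentication."""
    wanted = set(app_ports)
    reserved = override_ports(config_text)
    return sorted((port, name) for name, port in reserved.items() if port in wanted)


if __name__ == "__main__":
    # Hypothetical inventory of ports on which sites behind the policy listen.
    for port, name in find_conflicts(SAMPLE_CONFIG, [80, 443, 8010, 8443]):
        print(f"port {port} collides with {name}; change the override port")
```

Running it against a configuration backup before applying a Web Filter profile to a policy shows which override port needs to be moved.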