Description |
This article explains a case where, after configuring the FortiClient EMS to import a Web Filter profile from FortiOS, the traffic is dropped by the local-in policy. |
Scope |
FortiGate and EMS FortiClient |
Solution |
Importing a Web Filter profile from FortiOS requires HTTPS access on the FortiGate interface.
In cases where trusted hosts are configured for the user, it is necessary to add the EMS IP to the trusted host list. To identify the trusted hosts, go to System -> Administrators, select the administrator account to edit, check Restrict login to trusted hosts is enabled, and add, if it's necessary, the EMS IP addresses.
To do this in the CLI, run the following:
# config system admin edit <administrator-name> set trustedhost1 <ip and subnet> end
The EMS FortiClient is using the HTTPS admin port configured on the FortiGate to import the profile. Go to System -> Settings -> Administrator Settings and check the HTTPS port.
To do this in the CLI, run the following:
# config system global set admin-sport <port>
Related article: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.