caunon
Staff
Article Id 404379
Description

This article describes how to resolve a scenario where, when running the CLI command 'diagnose webfilter fortiguard cache dump' on a FortiGate unit with firmware v7.2.10 build 1706, the FortiGate displays the message 'Cache is not enabled'.

Scope

FortiGate v7.2.10.

Solution

Symptoms:

  1. The Web Filter reports many rating errors in the FortiGate logs.
  2. Running the CLI command 'diagnose webfilter fortiguard cache dump' on the FortiGate unit returns the message 'Cache is not enabled', as shown below:

FGT # diagnose webfilter fortiguard cache dump

Caution: This command is for diagnostic purposes ONLY. The bigger the cache size is set, the more impact on performance the command has.

Do you want to continue? (y/n)y

Cache is not enabled.

FGT #

  3. Restarting the Web Filter monitor daemon as shown below does not change the status:

FGT # diagnose test application wf_monitor 99

Restarting WF monitor.

FGT # diagnose webfilter fortiguard cache dump

Caution: This command is for diagnostic purposes ONLY. The bigger the cache size is set, the more impact on performance the command has.

Do you want to continue? (y/n)y

Cache is not enabled.

FGT #

To fix:

  1. Workaround (temporary fix):

Run the following CLI commands to check the running WAD and ipsengine processes.

FGT # diagnose sys process pidof wad

FGT # diagnose sys process pidof ipsengine

If the list of process IDs goes above 200, limit the number of WAD and ipsengine processes.

FGT # config system global

FGT # set wad-worker-count 80

FGT # end

FGT # config ips global

FGT # set engine-count 80

FGT # end

  2. Permanent fix:

Upgrade the FortiGate firmware to v7.2.11, v7.4.8, or above.