Created on
03-18-2012
12:36 AM
Edited on
09-18-2025
02:35 AM
By
Stephen_G
Description
To confirm FortiGuard servers are reachable, try to ping the following hostnames:
execute ping service.fortiguard.net
execute ping update.fortiguard.net
execute ping guard.fortinet.net
execute ping securewf.fortiguard.net [ for HTTPS service ]
If the hostname is not resolving or ping is not working, refer to this KB article: Troubleshooting Tip: Unable to connect to FortiGuard servers.
Scope
FortiGate.
Solution
This will enable users to access websites even when a rating error occurs, allowing the FortiGate unit to utilize the FortiGuard Web Filtering database stored on the unit to rate the website.
In CLI:
From v7.4 and above, the option for changing the 'Allow website when rating error occurs' has changed. The following option shown in the screenshot below needs to be disabled or enabled to either enable or disable the option for rating error.
Scenario 2:
When checking the 'diagnose debug rating', two servers were seen:
If the servers show 'F' under Flags, this indicates that the server has not responded and considered to have failed.
To resolve, the FortiGuard settings can be adjusted to the following:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
set sdns-server-ip 208.91.112.220 173.243.140.53 210.7.96.53
end
For the detailed 'diagnose debug rating' flags description, refer to Troubleshooting Tip: Resolving FDS Communication Issues (FortiGuard Distribution Servers).
Related article:
Technical Tip: Web Page Blocked using WebFilter when failed to connect to FortiGuard
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.