Created on 09-18-2024 09:45 AM
Edited on 09-20-2024 05:15 AM
By Jean-Philippe_P
Description | This article describes how to fix an issue where the 'web page blocked!' message is displayed by FortiGate when using an internal DNS server. |
Scope | FortiGate. |
Solution |
Topology:
Context:
The computer has the internal DNS server configured as 192.168.1.20.
Check website domain resolution via Command Prompt:
The FQDN resolved to IP 208.91.112.55, which belongs to the FortiGuard default portal. A review of the DNS profiles showed that this IP is configured as the Redirect portal, so the block message originates from the DNS filter profile. The LAN to WAN firewall policy has both DNS filter and Web filter security profiles applied.
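The check described above can be automated when many clients or domains need to be triaged. The following is an added example, not part of the original article: it parses `nslookup` output and reports whether every answer is the redirect portal IP. The function names and both sample outputs are constructed for illustration; only the portal IP and the DNS server address come from the article.

```python
import ipaddress
import re

# Redirect portal IP named in the article; change it if the DNS filter
# profile points at a different redirect portal.
REDIRECT_PORTAL_IPS = {ipaddress.ip_address("208.91.112.55")}

# Constructed samples of Windows nslookup output (not captured from a real host).
SAMPLE_BLOCKED = """\
Server:  dns01.corp.example
Address:  192.168.1.20

Non-authoritative answer:
Name:    blocked.example.com
Address:  208.91.112.55
"""
SAMPLE_OK = """\
Server:  dns01.corp.example
Address:  192.168.1.20

Non-authoritative answer:
Name:    www.example.org
Addresses:  2001:db8::10
          203.0.113.10
"""

def parse_nslookup(output):
    """Return (queried name, answer IPs); the resolver's own address is skipped."""
    name, answers = None, []
    for line in output.splitlines():
        text = line.strip()
        if text.startswith("Name:"):
            name = text.split(":", 1)[1].strip()
            continue
        if name is None:
            continue  # lines before "Name:" describe the DNS server itself
        candidate = re.sub(r"^Address(es)?:", "", text).strip()
        try:
            answers.append(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # blank lines, "Aliases:" and other non-address text
    return name, answers

def dns_filter_redirected(output):
    """True when every answer is a redirect portal IP (reply rewritten by the DNS filter)."""
    _, answers = parse_nslookup(output)
    return bool(answers) and all(ip in REDIRECT_PORTAL_IPS for ip in answers)
```

A `True` result points at the DNS filter profile rather than the Web filter as the source of the block page.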
Below are the possible solutions for the scenario and problem raised:
After the changes, users who have the Internal DNS server configured should not experience these types of blocks when consulting websites.
If disabling the DNS filter is not a feasible option, make sure that the category of the URL being resolved falls under an allowed/monitor category. More information is available in 'FortiGuard category-based DNS domain filtering'.
To use an alternative block option such as Return NXDOMAIN or SERVFAIL instead of redirecting to the block portal, refer to the article 'Technical Tip: Various Block option under DNS filter'. |
Great article @JCPL thank you!
Awesome @JCPL Juan Lewis, keep it up!
Juan @JCPL, Team: Well done! We do appreciate your valuable contribution!