Web filtering not working though Fortiguard is enabled
I'm facing the following strange problem with web filtering in 5.6.3. Please notice that the problem appeared after I registered my FG to an FMG for testing purposes, but now FG is deregistered, however the problem persists.
So, it appears that web filtering is not blocking what it should block, and I see log messages saying "FortiGuard is enabled in the protection profile but the FortiGuard service is not enabled." and other messages saying:
no rating service is foundURL TypehttpsMessagePolicy allows URLs when a rating error occurs
Needless to say that Fortiguard is up and running, or at least it seems so in the system's dashboard. I did a check in System > Fortiguard > Filtering Services Availability and got a "Both web filter and antispam services are available".
Here is some more information I gathered during my troubleshooting:
diagnose debug rating: The service is not enabled :o
config system fortiguard
set webfilter-force-off enable :o
Where the fuck did this command come from??? When I changed to enable, everything in web filtering worked fine.
And why the did the dashboard or the Fortiguard GUI didn't show anything wrong? On the contrary, they showed me that the service was available... I'm pretty sure that the FMG caused all this mess, but I expect that the fortigate's GUI wouldn't fool me.
I'm very much interested in having your experience to similar incidents.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.