Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aagrafi
Contributor II

Web filtering not working though Fortiguard is enabled

Hello,

 

I'm facing the following strange problem with web filtering in 5.6.3. Please notice that the problem appeared after I registered my FG to an FMG for testing purposes, but now FG is deregistered, however the problem persists.

 

So, it appears that web filtering is not blocking what it should block, and I see log messages saying "FortiGuard is enabled in the protection profile but the FortiGuard service is not enabled." and other messages saying:

no rating service is foundURL TypehttpsMessagePolicy allows URLs when a rating error occurs

 

Needless to say that Fortiguard is up and running, or at least it seems so in the system's dashboard. I did a check in System > Fortiguard > Filtering Services Availability and got a "Both web filter and antispam services are available".

 

Does anybody know what's going on here?

 

Thanks

1 Solution
dingjerry_FTNT

This might be due to this Mantis Bug #451801

 

Double check whether you have a system template applied with your FGT or not.

 

If yes, double check whether "FortiGuard" widget is there or not. If yes, either enable it or delete it.

 

If you leave the widget there, and don't check the option "Enable FortiGuard Security Updates", FMG will apply "antispam-force-off" and "webfilter-force-off" with "enable" setting.

View solution in original post

2 REPLIES 2
aagrafi
Contributor II

Here is some more information I gathered during my troubleshooting:

 

diagnose debug rating: The service is not enabled :o

 

config system fortiguard

  set webfilter-force-off enable :o

 

Where the fuck did this command come from??? When I changed to enable, everything in web filtering worked fine.

 

And why the did the dashboard or the Fortiguard GUI didn't show anything wrong? On the contrary, they showed me that the service was available... I'm pretty sure that the FMG caused all this mess, but I expect that the fortigate's GUI wouldn't fool me.

 

I'm very much interested in having your experience to similar incidents.

 

Thanks 

dingjerry_FTNT

This might be due to this Mantis Bug #451801

 

Double check whether you have a system template applied with your FGT or not.

 

If yes, double check whether "FortiGuard" widget is there or not. If yes, either enable it or delete it.

 

If you leave the widget there, and don't check the option "Enable FortiGuard Security Updates", FMG will apply "antispam-force-off" and "webfilter-force-off" with "enable" setting.