First remove the webfilter from the policy to see if it starts working in the first place. Based on the policy view there is no web filter applied at this time. Just to make sure.
If it fails working, there is no point troubleshooting anything on the webfilter since it has no direct affect. The traffic is blocked BEFORE the webfilter will be applied.
When the traffic is working fine, then apply webfilter etc. to the traffic. You will also need minimum certificate inspection, better a deep inspection as FortiGate can only block what it can read. Encrypted traffic cannot be read.
Next is that your initial screenshot show a different source interface (port1 vs port2). See if that is the pattern on the failure.
Check if the interface group/zone called "outside" contains both port1 and port2 - I would suspect that is not the case, based on the logs.
Hi geek Thanks for reply, I tried to whitelist some domains on web filter but the blocking traffic still happening, actually i'm not an expert on fortigate so could you please explain how to start over to troubleshoot this issue. Thanks
Please check the policy that this traffic is hitting. If it is hitting the policy which has the web filter profile that you have shown in the previous reply, you can try to allow *.microsoftonline.com as a wildcard type, clear the sessions or try to access from an incognito window to check if the traffic is allowed.
You can also, try to create a policy for a single source without any UTM and keep it on top of the current policy to check if the traffic is allowed, this is to isolate if the issue is because of the UTM or any ISP blocking.
Hi Vimala, Thanks for reply, I did all these steps and still show traffic blocked but i noticed from logs that the FW allow and deny same traffic simultaneously with same source and distination as shown do you have any idea what cause this
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.