Hi All,
getting this message every day.
Whats wrong? Are there not enough server at fortinet?
Any help would be fine. Best regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I had problems with the DNS Server too, it's the one starting with 212.x.x.x I think. I removed it from the DNS configuration and replaced it with the google DNS, now everything seems to be working.
Sure, using Google's servers should easily fix the issue. But, isn't the point of this feature that Fortiguard maintains a DNS database and servers, that filter out known malicious endpoints and other stuff that should be avoided? Seems to me that the issue is with Fortiguard's service here, perhaps their DNS infrastructure cannot handle the load generated by all of the Fortiguard devices out there...
do you have a sanitized version of your config that you can post?
Mike Pruett
Same error here with 5.4.5 on FG60D
Message meets Alert condition date=2017-10-04 time=10:10:07 devname=xxx devid=xxx logid=0318012800 type=utm subtype=webfilter eventtype=ftgd_err level=error vd=root policyid=17 sessionid=3454737 user="" srcip=192.168.255.112 srcport=50430 srcintf="internal" dstip=8.8.8.8 dstport=53 dstintf="wan1" proto=17 service="DNS" hostname="client.wns.windows.com" profile="default" action=blocked reqtype=direct sentbyte=0 rcvdbyte=0 direction=outgoing msg="A rating error occurs" error="all Fortiguard SDNS servers rating timeout"
if you need other parts of the configuration mike let me know!
config system fortiguard set service-account-id "x.x.x.x" set sdns-server-ip "208.91.112.220" end
config system dns set primary 208.91.112.53 set secondary 208.91.112.52 end
config system dhcp server edit 1 set forticlient-on-net-status disable set default-gateway 192.168.255.2 set netmask 255.255.255.0 set interface "internal" config ip-range edit 1 set start-ip 192.168.255.110 set end-ip 192.168.255.210 next end set timezone-option default config reserved-address x.x.x.x end set dns-server1 8.8.8.8 set dns-server2 8.8.4.4 next
br,
rowie
Have y'all tried changing the fortiguard filtering port from 53 to 8888? worked for me.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.