defsdefs12
New Contributor

FortiGate WebFilter Issue

Hi guys,

We would like to ask whether anyone has encountered a similar issue and how you resolved it. We're currently encountering an issue with our Web Filter wherein all access going through internet policies with Web Filter encounters "a web rating error occurred". We had to create a temporary policy without a WebFilter profile; however, this imposes risks.

What should be the workaround for this one for it to work properly again? Suggestions are highly appreciated. Thank you in advance.

Michael-HPGR

There are users working, so I’ll try late at night. In any case, support needs to look into the issue because I see that many devices are having problems.

defsdefs12

Let us know if it worked already on your end later tonight, so we can try to enable it again tomorrow. 

tpatel

Hello Sir,

Can you please try to disable Fortiguard unicast and use protocol udp with port 53.
the Anycast method to address the Fortiguard servers. Relying on Fortinet DNS servers, the FortiGate will get a single IP address for the domain name of each FortiGuard service. If you disable anycast you will get a few more FortiGuard server IP addresses for connection.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGuard-is-not-reachable-via-Anycast-de...

sokolisko
Visitor

Hi, the same problem in Poland. I have to disable web filtering on firewall policies.

Do you know when this will be fixed?

Michael-HPGR

I haven’t tried it yet, but I think it’s been fixed. If you’re still experiencing issues, go to Policy & Objects --> Firewall Policy --> edit your outgoing policy and disable Web Filter.

[Attached screenshot: security_profiles.png]

dkochhar
Staff

@connectbv do you have fortiguard-anycast disabled or enabled in your config?
You can check it through the following:

#config system fortiguard
#show full | grep anycast

Dixit Kochhar
connectbv

Now I looked immediately and got this result. But I noticed that the FortiGuard service is currently UP.

[Attached screenshots: fg1.png, fg2.png]

vbandha
Staff

@defsdefs12 

Please try to change the fortiguard settings to these:

config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
    set sdns-server-ip 208.91.112.220
    set source-ip <WAN IP>
end

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Unable-to-connect-to-FortiGuard-serv...

If you are using SD-WAN then make sure this setting is configured:

config system fortiguard
    set interface-select-method sdwan
end

After that, check the fortiguard connectivity using this command:

di deb rating

If you are still having issues, you can configure the webfilter to allow traffic when a rating error occurs until the issue is resolved:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Web-Page-Blocked-with-An-error-occur...

Regards,

Varun
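
An added example, not part of the thread or of Fortinet's tooling: a Python check that reads a saved `show firewall policy` export and lists accept policies with no `webfilter-profile`, so temporary bypass policies like the ones described in this thread can be tracked and reverted once FortiGuard rating works again. The sample config and function names are constructed for illustration, and it assumes a policy without a `set action accept` line denies traffic.

```python
# Constructed sample of "show firewall policy" output (not from the thread).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
        set webfilter-profile "default"
    next
    edit 7
        set name "TEMP-no-webfilter"
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
    edit 9
        set name "Block-guest"
        set srcintf "guest"
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {setting: value}} from a 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and current is None and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(int(line.split()[1]), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return policies

def unfiltered_accept_policies(text):
    """(id, name) of accept policies with no webfilter-profile set."""
    # Assumption: a policy without "set action accept" is a deny policy.
    return [(pid, p.get("name", "")) for pid, p in sorted(parse_policies(text).items())
            if p.get("action") == "accept" and "webfilter-profile" not in p]
```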
