Hi guys,
We would like to seek similar encountered issue and how did you guys resolve this. We're currently encountering an issue regarding our Web Filter as wherein all access going through internet policies with Web Filter encountered web rating error occured. Had to create a temporary policy without added WebFilter Profile however this impose risks.
What should be the workaround for this one for it to work properly again? Suggestions are highly appreciated. Thank you in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
There are users working, so I’ll try late at night. In any case, support needs to look into the issue because I see that many devices are having problems.
Let us know if it worked already on your end later tonight, so we can try to enable it again tomorrow.
Hello Sir,
Can you please try to disable Fortiguard unicast and used protocol udp with port 53.
the Anycast method to address the Fortiguard servers. Relying on Fortinet DNS servers, the FortiGate will get a single IP address for the domain name of each FortiGuard service. If you disable anycast you will get few more Fortiguard server ip address for connection.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGuard-is-not-reachable-via-Anycast-de...
Hi, the same problem in Poland. I have to disable web filtering on firewall policys.
Do you know when this will be fixed?
I haven’t tried it yet, but I think it’s been fixed. If you’re still experiencing issues, go to Policy & Objects --> Firewall Policy --> edit your outgoing policy and disable Web Filter.
@connectbv do you have fortiguard-anycast disable or enabled in your config ?
You can check it through following:
#config system fortiguard
#show full | grep anycast
Now I looked immediately and got this result. But I noticed that the FortiGuard service is currently UP.
Please try to change the fortiguard settings to these:
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 53
set sdns-server-ip 208.91.112.220
set source-ip <WAN IP>
end
If you are using SD WAN then make sure this setting is configured:
config system fortiguard
set interface-select-method sdwan
end
After that check the fortiguard connectivity using this command:
di deb rating
If you are still having issue you can configure the webfilter to allow traffic when rating error occurs until the issue is resolved:
Regards,
Varun
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.