Hi,
I'm trying to allow authenticated users to grant access to websites blocked by the FortiGuard web filter.
The problem is that the authentication page/form doesn't show up. After a quick Google search I see that FortiGates use ports 8008 and 8010 to authenticate users, but in my case these ports are firewalled by forti. Maybe that's a reason why the authentication popup doesn't show up?
I checked config webfilter fortiguard and 'close-ports' directive is set to disable:
FGT60FT (fortiguard) # get
cache-mode : ttl
cache-prefix-match : enable
cache-mem-percent : 1
ovrd-auth-port-http : 8008
ovrd-auth-port-https: 8010
ovrd-auth-port-https-flow: 8015
ovrd-auth-port-warning: 8020
ovrd-auth-https : enable
warn-auth-https : enable
close-ports : disable
request-packet-size-limit: 0
------------------------------------------
When I try to telnet from the LAN side to the FortiGate_LAN_IP on ports 8008 or 8010, it's firewalled (it's neither open nor refused).
What could be the reason for such behavior?
thx
Hello MarkusPL,
Thanks for posting on the Fortinet Community Forum!
Did you update FortiGate to the final version (7.0.x)? If not, sometimes it can fix a bug by itself!
Kindest regards,
Hi Markus,
what do you mean by firewalled?
I understand that firewalled is simply "behind the firewall".
The respective ports here are ON the firewall, so not firewalled in that sense.
With that KB you might have seen already:
I would wonder what exactly is "not showing up". Is this an IP connection, do you see the FQDN of the FortiGate in this browser, is there an error message, and which error message would it be? The browser messages will help identify where to even look here. Check the link your browser is trying to reach and, according to the link and its examples, after which action does the problem appear? After clicking the "override" button?
Best regards,
also Markus
Hello,
You may consider sniffing traffic (diagnose sniffer packet any 'port <>' 4 0 a) on the FortiGate in order to check whether traffic is reaching the FortiGate and whether the FortiGate is replying.
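A client-side check to run alongside the sniffer suggested above, as an added example that is not part of any post in this thread: it reads the override ports from the `get` output in the first post and reports, for each one, whether a TCP connect from a LAN host is open, refused, or gets no answer at all. The script name `probe.py` and the function names are hypothetical.

```python
import errno
import re
import socket
import sys

# Port settings copied from the 'get' output in the first post.
FORTIGUARD_GET = """\
ovrd-auth-port-http : 8008
ovrd-auth-port-https: 8010
ovrd-auth-port-https-flow: 8015
ovrd-auth-port-warning: 8020
close-ports : disable
"""

def override_ports(get_output):
    """Return {setting: port} for each ovrd-auth-port-* line."""
    ports = {}
    for line in get_output.splitlines():
        m = re.match(r"\s*(ovrd-auth-port-[\w-]+)\s*:\s*(\d+)\s*$", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from the client side.

    open     - handshake completed, something is listening
    refused  - a reset came back: host reachable, nothing listening
    filtered - no answer within the timeout (the telnet symptom)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:  # e.g. no route to host
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

if __name__ == "__main__":
    # Usage: python probe.py <FortiGate LAN IP>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <FortiGate LAN IP>")
    for name, port in override_ports(FORTIGUARD_GET).items():
        print(f"{name:28} {port:5}  {probe(sys.argv[1], port)}")
```

Comparing a "filtered" result here with what the sniffer shows for the same port tells you whether the SYN reached the FortiGate and whether any reply left it.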
Copyright 2024 Fortinet, Inc. All Rights Reserved.