Hi All,
at one of our customers, we installed FortiOS 7.0.14 to fix the latest CVE vulnerability (CVE-2024-21762). The FortiGate we have had issues with is an Azure-based VM. As FOS 7.0.13 runs w/o any issues, we now see errors with WebFilter profiles activated. All web requests are being blocked by the following error: "All Fortiguard servers failed to respond. A rating error occurs". As we are using SSL-VPN connections w/ FortiClient, we decided to deactivate the WebFilter profile. We switched update server locations from "US only" back to "lowest latency locations", which didn't help. FortiGuard Web Filter servers were (and are) available but w/ higher latency of ~130ms. At the moment, the latency's back to ~80ms.
For troubleshooting purposes, I'm gonna set up a dedicated test rule for a few clients only and re-activate WebFilter and also DNS Filter profiles. Next, I'm gonna switch from the security profile group we now use and try to add single security profiles - just to make sure it's not a group issue.
Anyone sees / saw similar issues w/ 7.0.14? Any idea, hints? Anything? Many thanks so far.
____
Please find below "system fortiguard" configuration:
```
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set update-server-location usa
    set sdns-server-ip "208.91.112.220"
end
```
Thanks for pointing out, I already checked that. Anyway, I need to trace / debug Web Filter rating though.
Update as of 2024-02-15: two days ago, I reactivated both, DNS and web filter security profiles (as mentioned before, we're using a security profile group) and - funny thing - everything worked. No more "no SDNS server available" errors. Obviously, it was a temporary issue exactly that specific Friday afternoon. D'oh!
Thanks for your support, @hbac.
BTW, `diag debug rating` shows web filter DISABLED as long as there's no web or DNS filter profile used in the policy. Didn't know that, too.