FortiOS 7.2.x - Web Filtering quota issues - no matching entries found
Hi everyone,
I am unsuccessfully trying to implement Web Filter Category quota on my 40F.
2 problems: despite the time limit set under a monitored category, (1) the client device has access to websites falling within that category beyond that time limit, and (2) in the FortiGuard Quota Monitor dashboard, FortiGate displays “No matching entries found” for this client IP.
Current setup:
- License activated;
- Explicit Proxy features activated;
- FortiGuard filtering services on port: 8888; no report received after launching connectivity test;
- Network > Interface: Explicit Proxy (HTTP 8080, no PAC file) on that VLAN (10 clients, 5 laptops, 5 mobiles);
- Policy & Objects > Firewall Policy in proxy-based for this Vlan to ISP;
- Policy & Objects > Proxy Policy proxy-based with Web Filtering profile on that Vlan address range;
- Security Profiles > Web Filter profile on proxy-mode; and
- Client proxy manually set up with Vlan IP Interface and Explicit Proxy port.
What I can see:
- Client accessed page is apparently buffered (no immediate streaming);
- traffic appears in Proxy Policy;
- the FG displays “No matching entries found” in the FortiGuard Quota Monitor;
- the FG cannot ping the client device anymore (i.e. it pinged it before implementing this proxy policy) but still pings FQDN or external; and
- if Firewall Policy in proxy mode is disabled, then client mobiles connect without being granted internet access.
Having been through the Troubleshooting Tip: FortiGuard Web Filtering problems, I am stuck in test 5. For recap and confirmation:
test #1: service enabled, but I am not sure I understand the meaning of the flags;
test #2: success;
test #3: success;
test #4: success.
I also tried to change the listened Explicit Proxy HTTP port to 8888, as well as in the Client settings. The FortiGate just recorded one second of access to the categorized website.
I am not an IT guy and am clearly doing something wrong. Hope you’ll give me some corrections/tips to move on.
Thanks!
Labels: Explicit proxy, FortiGate, Proxy policy
Hello Sylvain,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Sylvain,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
Hi Sylvain,
If you are encountering the "No matching entries found" message when trying to add or view web filtering quotas in FortiOS 7.2.x, it indicates that no custom quotas or categories have been added yet:
- Access Security Profiles: Navigate to the "Security Profiles" section in the FortiGate GUI.
- Select Web Filter: Click on "Web Filter" to access the web filtering settings.
- Edit Web Filter Profile: Choose the web filter profile you wish to edit or create a new one.
- Add Category Usage Quota: In the "Category Usage Quota" section, click on "+ Create New" to add a new quota and define the category and set the desired quota limits.
- Save Changes: After configuring the necessary settings, ensure you save the changes to apply the new quotas.
Hi,
I think the issue is in the fact that you are using Explicit Proxy, instead of granting access directly to the devices w/o using a proxy.
In the documentation, https://docs.fortinet.com/document/fortigate/7.2.11/administration-guide/801136, it states that a firewall policy should be in proxy mode and also the web filter and the category in question in Monitor.
Due to the fact that you are using a proxy address on the stations and a proxy policy which defines that traffic is allowed, and not using a firewall policy because of that, most likely this would be the reason.
