Hello everyone, I have the following problem. On the farm we installed a FortiGate 80C with firmware 5.0 Bild 0310 Ga Patch 11 with relative configuration webfiltering and SSL Inspection and firewall rule. The firewall can not block anything. I did the test with a VM to a course that I made and it all works. I have to do a factory reset?
Could you post a copy of the firewall policy, webfilter, and SSL/SSH inspection profile you are using?
Regards, Chris McMullan Fortinet Ottawa
It looks like the policy is ordered high enough, and has the filter and inspection profiles applied, and there is a packet count. Do you see the packet count increment immediately after visiting a site which should be blocked?
Regards, Chris McMullan Fortinet Ottawa
That column with Claudio, Lan 01, Lan 02, etc. looks like address subnet ranges. Is the Fortigate set up in transparent mode? Can you post the edit view of your fw rule#8? Does the Claudio label have a proper IP/subnet? Do you have any firewall rule covering that "claudio" traffic above rule #8?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
It would be best to examine a flow trace and UTM logs/diagnostics to see where the breakdown occurs.
Pick an HTTPS site with a known public IP:
diag debug reset
diag debug enable
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow filter addr w.x.y.z //--enter the IP of the test site
diag debug flow trace start 5000
diag debug flow trace stop //--type this command without pressing Enter *before* visiting the site; that way, you can just press Enter to stop output, even if a lot is being generated - you won't have to guess whether you're entering typos or not
<browse to the site, then...>
<Enter>
diag debug flow filter clear
diag debug reset
diag debug disable
Look for the policy and route chosen in the output, and whether the traffic is sent to IPS or to the 'application layer' for further processing. This will prove what level of inspection takes place.
Then, you can look through any UTM logs generated, if you log all traffic in the policy and enable logging through the CLI for the UTM profiles in place. Barring that, for web filtering, you can debug the urlfilter daemon.
diag debug reset
diag debug enable
diag debug urlfilter src-addr w.x.y.z //--here, you can specify the private IP of your testing host, to limit output
diag debug application urlfilter -1
diag debug reset //-same as above, type the command without pressing Enter
<browse to a site which should trigger your UTM rules, then...>
<Enter>
diag debug disable
Let's see what comes up!
Regards, Chris McMullan Fortinet Ottawa
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.