Fortinet Community

Tutek · ‎07-10-2023

Hi,

I have such problem that fortigate is blocking bing.com website, on all web browsers I have error:

NET::ERR_CERT_AUTHORITY_INVALID

I have added bing to SSL scan exemptions but this didn't resolved this issue.

When I enter on bing.com I have warning that this connection is not secure and on the website certificate properties I see something like:

Fortiguard SDNS Blocked Page

Fortinet

srajeswaran · ‎07-10-2023

Can you try clearing the SDNS cache and then check again?

diagnose test application dnsproxy 16

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changes-in-SDNS-and-Webfilter-lookups/ta-p...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Tutek · ‎07-11-2023

Fortigate # diagnose test application dnsproxy 16
worker idx: 0

The problem still exist.

rtichkule · ‎07-12-2023

Hello @Tutek ,

Hope you are doing well.

Please check below articles on fortiguard SDNS webfilter cache and let us know if it helps.

Troubleshooting Tip: Verify the webfilter cache co... - Fortinet Community

Also you can try following below article.

Technical Tip: Changes in SDNS and Webfilter looku... - Fortinet Community

BR

JimH · ‎07-19-2023

We had a similar issue with bing. We had to disable the OCSP responder: Settings---->Privacy and Security----->Query OCSP responder servers to confirm the current validity of certificates, untick it

sjoshi · ‎07-19-2023

Dear Tutek,

Thank you for posting to the Fortinet Community Forum.

Problem Description:-
Fortigate is blocking bing.com

Are you using dns filter on the policy.
Have you allowed the website both from webfilter and dnsfilter?
Are you seeing anything on webfilter/dns filter logs.

For testing purpose please create a new policy for one src IP without dnsfilter/webfilter and keep it on top. Does it work?

Let us know if this helps.

Thanks

Salon Raj Joshi