- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortiguard blocking access to websites for some users
Hi
I have started with a new company 6 months ago and inherited a strange issue.
Occasionally, a user or 2 will get a "Fortiguard Intrusion Prevention - Access Blocked" message when trying to access any website. Other users are able to access the websites.
What I see in FortiAnalyzer are logs with no username specified. We have FortiSSO, and it appears that it is not picking up the user logon event. Sometimes, getting the user to reboot will solve the issue but may take a few reboots. Another fix is to get the user to connect to another wifi network, then reconnect to the original network connection.
This issue has been happening intermittently for different users for well over a year now and the fixes mentioned above usually resolve this. However, I now have a user, who has been unable to access the Internet all day, so I'm looking for any possible help.
This does seem like an identity issue, where FortiSSO is not picking up the logon event but I do know that it picks up other user logon events from all domain controllers. Is this a FortiSSO issue, an issue with Fortiguard or the Fortigate?
Has anyone seen this issue? I don't have a lot of Fortinet experience before this job, so could anyone point my to any troubleshooting tools that could help please?
For reference, we are running v.7.0.15 on the fortigate.
Thanks
Roy
Solved! Go to Solution.
- Labels:
-
FortiGate
-
FortiGuard
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
We have discovered the issue is with a recent Windows update on our domain controllers, running Windows Server 2019. The update is KB5039217, which updates LSASS. We removed it and the users are able to open websites now.
For reference see this Technical Tip - FSSO breaks after installing Microsoft KB... - Fortinet Community
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Roysmith,
I think your scenario is matching point 4 of this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FSSO-CA-initial-troubleshooting/ta-p...
It is an FSSO issue and not FortiGuard issue. We need to troubleshoot at FSSO agent and FortiGate side.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
We have discovered the issue is with a recent Windows update on our domain controllers, running Windows Server 2019. The update is KB5039217, which updates LSASS. We removed it and the users are able to open websites now.
For reference see this Technical Tip - FSSO breaks after installing Microsoft KB... - Fortinet Community
![](/skins/images/1A6061600A0BCB95B18454C610CCB90A/responsive_peak/images/icon_anonymous_message.png)