Roysmith
New Contributor II

Fortiguard blocking access to websites for some users

Hi

I started with a new company 6 months ago and inherited a strange issue.

Occasionally, a user or 2 will get a "Fortiguard Intrusion Prevention - Access Blocked" message when trying to access any website. Other users are able to access the websites. 

What I see in FortiAnalyzer are logs with no username specified. We have FortiSSO, and it appears that it is not picking up the user logon event. Sometimes, getting the user to reboot will solve the issue but may take a few reboots. Another fix is to get the user to connect to another wifi network, then reconnect to the original network connection. 

 

This issue has been happening intermittently for different users for well over a year now and the fixes mentioned above usually resolve this. However, I now have a user, who has been unable to access the Internet all day, so I'm looking for any possible help. 

 

This does seem like an identity issue, where FortiSSO is not picking up the logon event but I do know that it picks up other user logon events from all domain controllers. Is this a FortiSSO issue, an issue with Fortiguard or the Fortigate?

 

Has anyone seen this issue? I don't have a lot of Fortinet experience before this job, so could anyone point me to any troubleshooting tools that could help please?

 

For reference, we are running v.7.0.15 on the FortiGate.

 

Thanks

Roy

1 Solution
Roysmith
New Contributor II

Hi

We have discovered the issue is with a recent Windows update on our domain controllers, running Windows Server 2019. The update is KB5039217, which updates LSASS. We removed it and the users are able to open websites now. 

For reference see this Technical Tip - FSSO breaks after installing Microsoft KB... - Fortinet Community
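
To see which domain controllers carry the update named in the post above, an inventory check can be run from an admin workstation. This is an added example, not part of the original thread; it assumes Windows PowerShell with the ActiveDirectory (RSAT) module and remote WMI access to each DC.

```powershell
# Added example: report, per domain controller, whether KB5039217 is installed.
# Assumptions: ActiveDirectory module (RSAT) is available and the account
# running this can query hotfixes remotely on every DC.
Import-Module ActiveDirectory

$KbId = 'KB5039217'   # update identified in the post above

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $status      = 'NotInstalled'
    $installedOn = $null
    try {
        # Pull the full hotfix list and filter locally, so an absent update
        # (empty result) is distinguishable from an unreachable DC (exception).
        $fix = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop |
               Where-Object { $_.HotFixID -eq $KbId } |
               Select-Object -First 1
        if ($fix) {
            $status      = 'Installed'
            $installedOn = $fix.InstalledOn
        }
    }
    catch {
        # DC offline, firewall blocking WMI/RPC, or insufficient rights
        $status = "QueryFailed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        DomainController = $dc.HostName
        Site             = $dc.Site
        OperatingSystem  = $dc.OperatingSystem
        Status           = $status
        InstalledOn      = $installedOn
    }
}

# DCs with the update first, then failures that need a manual check
$report | Sort-Object Status, DomainController | Format-Table -AutoSize
```

Comparing the `InstalledOn` dates with the time users first lost identity mapping helps confirm whether the update lines up with the onset of the problem.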

hbac
Staff

Hi @Roysmith,

 

I think your scenario is matching point 4 of this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FSSO-CA-initial-troubleshooting/ta-p...

 

It is an FSSO issue and not a FortiGuard issue. We need to troubleshoot at the FSSO agent and FortiGate side.

 

Regards, 
