Not applicable

Help with UTM: Not working at all?

Ok, now I'm sure this is something I'm doing wrong, as this is essentially the most basic function of the FortiGate units! I'm trying to set up basic web filtering with categories. I have a FortiWifi 30B with FortiOS 4 MR2.

I have configured, as per the guides: a Web filter Profile 'admin staff'. In here I have configured 'FortiGuard Web Filtering' for http and https. For testing, I have set *every* category to 'block', so my understanding is this should be blocking everything essentially. I then go to my (only) firewall policy, and tick UTM. Select protocol options (using 'default', but tried many different options), and 'Enable Web Filter' and selected 'Admin staff' profile. Then try browsing, and can load *any* website!

I've tried enabling Identity based policy, creating a username with this same web filtering policy, and sure enough, when I browse, I get a login prompt no worries, but once logged in, I can browse anything! What's going on? What am I missing? Thanks in advance!
Not applicable

Just wanted to add a second image and mention I've tried so many different combinations of the advanced options shown above, and nothing works!
bmann
New Contributor

Hi,
- as I wrote in another post, rating by IPs is not a good idea. I would disable it. You will save some problems.
- you have to enable in "system -> maintenance -> FortiGuard -> Web Filtering and Email Filtering Options" configuration "enable webfilter cache" and "enable antispam cache"

Of course a valid webfilter license is needed.
Not applicable

I had read that, and have tried with it enabled and disabled, makes no difference, I can still access any site I like! I have a valid connection to the Fortinet system, and the page shows valid dates (unit is brand new with bundle, so has 12 months licence). Web filter caches are per default settings, both enabled with default TTL. Any other ideas? I've got to be missing something horribly obvious..
bmann
New Contributor

Did you try "Use Default Port (53)"? I use it on all boxes with no problem. Then enable logging in the policy. Look at the logs to see what policy is matched and the classification of each web page.
edsouza_FTNT
Staff

A few possible reasons this is happening:
1) incorrect policy being hit.
2) Since you are on a FWF-30B, it's highly possible you are in conserve mode. High memory.

Ok, firstly, I have tried 53 and it makes no difference, that setting was set that way while trying both. It is 'reachable' and with a valid licence under either setting. Logging is enabled in the policy, and under the logs, I see entries in 'traffic' from my IP outbound, as level 'notice' and sub type 'allowed', but nothing there about rules or policies. Under the subheading under logs called 'Web Filter' there is 'no entries found'.

edsouza: There is only one policy defined, and if I disable that policy, or change things such as 'No NAT', then my access fails. I can't imagine I can be low memory on a device with 1 policy, 1 UTM profile and normal LAN/WAN/WLAN interfaces defined? Isn't this largely what this device is made for? The memory statistic on the dashboard is currently reading 69%, been as high as 80%. Rebooting the device does not make it work again. How can I tell if the device is in this conserve mode? The system logs do not have a mention of it. Thanks
bmann
New Contributor

OK, if you have only one policy there should be no problem with policy matching. What do you see with these cmds?

diag sys top
diagnose hardware sysinfo memory
diagnose test application proxyacceptor 4

For that policy disable all UTM functions except web filter, reboot and try it. Then enable AV and try it. Limit AV to max. 1MB file size scan; there is no reason for a bigger file scan. Do not use IPS, it consumes too much memory and may be the reason for conserve mode. I have an 80C for testing and it consumes 300MB of memory with AV, webfilter, AS and IPS. The 30B has only 256MB I guess.
Not applicable

Ok, diag sys top:
 Run Time:  0 days, 0 hours and 2 minutes
 26U, 13S, 59I; 122T, 40F, 44KF
           httpsd       61      S       0.9     9.9
          cmdbsvr       15      S       0.0    11.0
           httpsd       48      S       0.0     9.9
           httpsd       58      S       0.0     9.7
           httpsd       62      S       0.0     9.7
           httpsd       29      S       0.0     9.3
           newcli       68      R       0.0     7.5
           newcli       67      S       0.0     7.5
        ipsengine       38      S <     0.0     7.3
          miglogd       27      S       0.0     7.0
        scanunitd       54      S <     0.0     6.5
         fdsmgmtd       46      S       0.0     6.0
   merged_daemons       39      S       0.0     6.0
        scanunitd       31      S <     0.0     5.9
          updated       45      S       0.0     5.9
             iked       44      S       0.0     5.9
        urlfilter       41      S       0.0     5.8
            authd       42      S       0.0     5.8
            dhcpd       47      S       0.0     5.6
         dnsproxy       51      S       0.0     5.6
 
diagnose hardware sysinfo memory:
 FWF30B3G09003210 # diagnose  hardware sysinfo memory 
         total:    used:    free:  shared: buffers:  cached: shm:
 Mem:  128737280 87240704 41496576        0   180224 51929088 46526464
 Swap:        0        0        0
 MemTotal:       125720 kB
 MemFree:         40524 kB
 MemShared:           0 kB
 Buffers:           176 kB
 Cached:          50712 kB
 SwapCached:          0 kB
 Active:          17220 kB
 Inactive:        33688 kB
 HighTotal:           0 kB
 HighFree:            0 kB
 LowTotal:       125720 kB
 LowFree:         40524 kB
 SwapTotal:           0 kB
 SwapFree:            0 kB
diagnose test application proxyacceptor 4:
FWF30B3G09003210 # diagnose  test application proxyacceptor 4
 Running time (HH:MM:SS:usec)             0:03:45:687625
 Time in loop scanning                       0:00:000000
 Worker Read                                          38
 Worker Write                                         22
 Worker Close                                          0
 IPC Conn Read                                         0
 IPC Conn Close                                        0
 poll=84/83/2 pollfail=0
 cmdb=0 sysconserve=0 worker=60 ipcaccept=0 ipcconn=0 acceptor=1
 ipv4 listen: http=8 https=15 smtp=0 pop3=0 imap=0 ftp=0 nntp=0
 ipv4 maxaccept: http=1 https=1 smtp=0 pop3=0 imap=0 ftp=0 nntp=0
 ipv6 listen: http=0 https=0 smtp=0 pop3=0 imap=0 ftp=0 nntp=0
 ipv6 maxaccept: http=0 https=0 smtp=0 pop3=0 imap=0 ftp=0 nntp=0
 vdstat: accept=0 handler=0 in=0 out=0 done=0 close=0 failed=0
I haven't had the IPS or Antivirus enabled at all during these tests, web filter is pretty much the only real feature this is to be used for. Policy has only Web Filter enabled, still nothing. It's like it's matching the firewall policy (if I disable protocols such as HTTP, it blocks all traffic), but not using the UTM at all for some reason (but user authentication prompts are working). It's very weird.

This unit has been FW 3.xx factory, upgraded to 4.0 MR3 with major WIFI issues then downgraded to 4.0 MR2v5, perhaps it needs a factory reset on this newer firmware to clean it out?
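
A small parser for the two diagnostic outputs posted above, added here as an example; it is not part of any poster's message and not Fortinet tooling. It assumes `sysconserve` is the proxy's conserve-mode flag (the thread does not define the field), and the function names and the 80% warning threshold are hypothetical.

```python
import re

# Excerpts copied from the CLI output posted in this thread.
MEMINFO = """\
MemTotal:       125720 kB
MemFree:         40524 kB
Buffers:           176 kB
Cached:          50712 kB
"""
PROXYACCEPTOR = """\
poll=84/83/2 pollfail=0
cmdb=0 sysconserve=0 worker=60 ipcaccept=0 ipcconn=0 acceptor=1
ipv4 listen: http=8 https=15 smtp=0 pop3=0 imap=0 ftp=0 nntp=0
vdstat: accept=0 handler=0 in=0 out=0 done=0 close=0 failed=0
"""

def parse_meminfo(text):
    """Return {field: kB} from the 'Name:   value kB' lines."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"^\s*(\w+):\s+(\d+) kB\s*$", text, re.M)}

def parse_counters(text):
    """Return {label: {key: int}}; lines with no 'label: ' prefix go under ''."""
    out = {}
    for line in text.splitlines():
        label, _, rest = line.strip().rpartition(": ")
        # Only plain integer counters; composite values like poll=84/83/2 are skipped.
        pairs = re.findall(r"(\w+)=(\d+)(?=\s|$)", rest)
        out.setdefault(label, {}).update((k, int(v)) for k, v in pairs)
    return out

def triage(meminfo_text, proxy_text, mem_warn_pct=80):
    """Summarise memory pressure and proxy state. mem_warn_pct is an
    illustrative threshold chosen for this example, not a FortiOS value."""
    mem = parse_meminfo(meminfo_text)
    ctr = parse_counters(proxy_text)
    used = 100 * (mem["MemTotal"] - mem["MemFree"]) / mem["MemTotal"]
    return {
        "mem_used_pct": round(used, 1),
        "mem_warn": used >= mem_warn_pct,
        "sysconserve": ctr[""]["sysconserve"],  # assumed conserve-mode flag
        "http_listeners": ctr["ipv4 listen"]["http"],
        "https_listeners": ctr["ipv4 listen"]["https"],
        "proxy_accepts": ctr["vdstat"]["accept"],
    }

if __name__ == "__main__":
    print(triage(MEMINFO, PROXYACCEPTOR))
```
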
bmann
New Contributor

Upgrade to MR3 is supported only from some patch releases of 4MR1 and 4MR2. So I would do a factory reset, upgrade to 4MR2 patch 5 to be safe and then configure the box.