- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Invalid FortiGuard Web Filtering override request.
Hello,
I was trying to set up a new subnet and DHCP scope on my LAN. I noticed on my DHCP server that BAD_ADDRESS placeholders were filling in many off the addresses in the range. I looked on my core switch and there was no corresponding ARP entry. I did a port scan on NMAP of the IP and got the following output:
Starting Nmap 7.70 ( [link]https://nmap.org[/link] ) at 2018-08-27 14:10 Central Daylight Time Nmap scan report for 192.168.73.105 Host is up (0.0019s latency). Not shown: 65524 filtered ports PORT STATE SERVICE VERSION 21/tcp open ftp? 25/tcp open smtp? 80/tcp open http? 110/tcp open pop3? 113/tcp closed ident 135/tcp open msrpc? 143/tcp open imap? 443/tcp open https? 8008/tcp open http 8010/tcp open ssl/http-proxy FortiGate Web Filtering Service 8020/tcp open http-proxy FortiGate Web Filtering Service
Browsing to ports 8008, 8010, or 8020 takes me to a page titled "Web Filter Block Override" with the message in the title. I tried a few other IPs on the subnet and they yielded the same result. Finally, I swept a different /24 subnet that doesn't have a gateway on my network with nmap -sn and all the hosts showed up. Any host I ran a port scan on came back with the same result as above, and the 8000 ports lead to the same webpage. I do have a FortiGate 200E with web filtering enabled, but is this normal behavior? We also use FortiClient on our endpoints that are managed by a separate EMS server if that could play any role.
If anyone has an idea of what is happening here, I'd definitely appreciate an explanation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings!
What range are you trying to configure?
Is that range configured or does it overlap with any configuration on FortiGate?
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.