No Web Browser Access if FortiGuard Expires
Hello,
we have a FortiGate 100D (NFR) installed in our company lab for testing, and our FortiGuard license expired in August.
I figured out that it is now not possible to browse any website except www.google.com with any kind of browser (Explorer, Opera, Mozilla, Chrome) if you have 1 or more UTM features enabled in your firewall policy.
So, for example, if I disable all the UTM features on the policy Internal > Wan, I can open any website with my browser. But if I apply 1 or more UTM features to that policy (no matter which: IPS, AV, Web Filter and so on), I can't do it anymore.
Anyway, I can still ping those websites successfully ...
I've tried it from the internal LAN and from the SSL-VPN tunnel. It's the same: if split tunneling is disabled, you can't open a webpage if any UTM is on.
Is this a security feature of FortiGate to block web access if your license has expired, or is it a bug?
Does anyone have the same problem?
Thank you in advance.
Holy,
Typically webfilter would not allow traffic through by default if the license had expired on it. If you can still ping through, it indicates *all* traffic is not being affected, but possibly only http. If you haven't done so already, try disabling just the webfilter service or at least change your profile to have the option "Allow Websites When a Rating Error Occurs" checked.
Warren,
At first I was sure it's because of WebFilter, but as I said, HTTP/HTTPS works only if I disable all UTM features. It did not work if I enable only 1 or more UTM features, no matter which: AV, IPS ...
I've always set my AV filtering for "Allow Websites When a Rating Error Occurs". This should allow web filtering even if your license expires. Everything just gets passed.
You can do the allow websites when a rating occurs, but just think of the negatives as well. If FortiGuard has an issue, your network is prone to more attacks.
Just saying.
If the UTM license has expired, you cannot use those features; it may work, but not properly.
But you can use the firewall without the UTM.
Nihas
Not sure why it is a surprise that you have blocked web sites when you are running with an unlicensed feature turned on. Especially if you have not enabled the fail open option.
Even the product warns you when you try to enable it without a FortiGuard license.
The thread starter does not discuss Web Filtering but any UTM feature ceasing to pass traffic through.
If that's how it is, it would be new to FortiOS 5.2. I cannot remember this being documented. Or it could be a bug.
Ede Kernel panic: Aiee, killing interrupt handler!
Thank you so much ede_pfau :=) you got it right. I am not discussing the web filter feature. I am trying to describe what is probably a bug, or a strange behavior at least.
We have 5.0.7 installed and did not upgrade to 5.2. It is very annoying right now, because I want to do some testing and some practice for my FCNSA exam, and I can't test UTM features because of this bug.
I do understand that when a license expires you won't get the latest signatures and so on. But I thought you could use the old ones for testing.
Nobody has the same problem?
For testing purposes I have an NFR version which I got much cheaper than normal.
Also, it is sort of a, "you need FortiGuard in order to use ANY of our definitions."
Way for them to make more money.