Recent problem discovered after we updated EMS to v6.0.1 and pushed out FortiClient v6.0.1 to clients. One of our traveling users has reported that FortiClient is blocking captive portals, such as the airline's wifi purchase portal and hotel wifi login pages. It says that the site's category is "Unknown" (presumably because there's no connectivity to do a lookup) but I have no option in EMS to allow sites when lookup fails, nor to allow an "Unknown" category. The closest category is "Unrated" but we're already allowing these.
Anyone run into this before? This was not a problem prior to v6.0.1 (we skipped 6.0.0)
May have just found my answer in the XML. Found this when checking an endpoint's config:
<webfilter>
<profiles>
<profile>
<categories>
<fortiguard>
<action_when_unavailable>deny</action_when_unavailable>
</fortiguard>
</categories>
</profile>
</profiles>
</webfilter>
Testing here shortly.
Any updating from testing.
cosmak wrote:I never heard back from my end user on whether or not this fixed the issue... but I am assuming so since I did not hear back.Any updating from testing.
EMS v6.0.2 was just released and has this listed as a known issue: Bug ID #497672 "Add GUI option for allowing websites when a rating error occurs"
Any update for this? 6.0.3 doesn't seem to fix the problem. I can't find a way to unblock the "unknown" category.
As a workaround, disabling site categories allows the captive portals to load.
Another workaround is to make an exception for the captive portal URL ahead to time.
I had the same problem. FIX
<categories> <fortiguard> <enabled>1</enabled> <rate_ip_addresses>0</rate_ip_addresses> <action_when_unavailable>allow</action_when_unavailable> </fortiguard>
Does this fix require a reboot or anything special?
I had the same problem. FIX <categories> <fortiguard> <enabled>1</enabled> <rate_ip_addresses>0</rate_ip_addresses> <action_when_unavailable>allow</action_when_unavailable> </fortiguard>
Newbie question here... is the XML from an export of the endpoint FortiClient config?
Thanks!
Hello,
The XML referred to here is the option available at the EMS GUI > Endpoint Profiles > Web Filter > XML > Edit > Save profile
Once the changes are saved, in the next telemetry sync it will be forwarded to the relevant endpoint.
Best Regards
Jay
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.