Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Off-Net Web Filter Blocking Captive Portals as "Unknown"

Recent problem discovered after we updated EMS to v6.0.1 and pushed out FortiClient v6.0.1 to clients. One of our traveling users has reported that FortiClient is blocking captive portals, such as the airline's wifi purchase portal and hotel wifi login pages. It says that the site's category is "Unknown" (presumably because there's no connectivity to do a lookup) but I have no option in EMS to allow sites when lookup fails, nor to allow an "Unknown" category. The closest category is "Unrated" but we're already allowing these.

Anyone run into this before? This was not a problem prior to v6.0.1 (we skipped 6.0.0)

New Contributor III

May have just found my answer in the XML. Found this when checking an endpoint's config:



Testing here shortly.

New Contributor

Any updating from testing.

New Contributor III

cosmak wrote:

Any updating from testing.

I never heard back from my end user on whether or not this fixed the issue... but I am assuming so since I did not hear back.

New Contributor III

EMS v6.0.2 was just released and has this listed as a known issue: Bug ID #497672 "Add GUI option for allowing websites when a rating error occurs"


Any update for this? 6.0.3 doesn't seem to fix the problem. I can't find a way to unblock the "unknown" category.

As a workaround, disabling site categories allows the captive portals to load.

Another workaround is to make an exception for the captive portal URL ahead to time. 

New Contributor

I had the same problem. FIX


                <categories>                     <fortiguard>                         <enabled>1</enabled>                         <rate_ip_addresses>0</rate_ip_addresses>                         <action_when_unavailable>allow</action_when_unavailable>                     </fortiguard>

New Contributor

Does this fix require a reboot or anything special?


I had the same problem. FIX                   <categories>                     <fortiguard>                         <enabled>1</enabled>                         <rate_ip_addresses>0</rate_ip_addresses>                         <action_when_unavailable>allow</action_when_unavailable>                     </fortiguard>





Newbie question here... is the XML from an export of the endpoint FortiClient config?






The XML referred to here is the option available at the EMS GUI > Endpoint Profiles > Web Filter > XML > Edit > Save profile

Once the changes are saved, in the next telemetry sync it will be forwarded to the relevant endpoint.


Best Regards


Top Kudoed Authors