Problem with website blocked, even after exclusion created
We have some Ubuntu hosts that need access to a site for updates, and on a "Permit Outbound Web Traffic" rule that includes both 443/tcp and 80/tcp, there are blocks because of UTM. Specifically, the "Threat Type" is "N/A - Static URL Filter." I put an exclusion in (the FortiManager, running 7.2.8) for the FortiGate (also running 7.2.8) within the Security Profiles > Web Filter for wildcard *.ubuntu.com*, but the block persisted. I then put one in for "connectivity-check.ubuntu.com," which is the first site the hosts try to reach. The blocks continued on. I created a rule to exclude that subnet from the Web Filter, and it works.
I'm at a loss as to why the firewall is behaving this way, and I also can't figure out what "N/A - Static URL Filter" really means in context with the Web Filter. I need to fix this rule, so any help in resolving this would be greatly appreciated.
Labels: FortiGate
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Has the profile been correctly pushed to the FGT? Can you share a screenshot from the FGT?
Do your clients use legacy DNS (UDP) or DNS over TLS/HTTPS?
It has indeed been pushed:
They use 53/udp for DNS to our internal AD servers.
We have other exclusions that are working properly, and I've attempted various iterations for Ubuntu with no success.
Can you show the whole log where the traffic appears blocked?
The filter seems correct on the FortiGate. As requested by Funkylicious, try redoing the test (i.e., access ubuntu.com via your browser or wget), then share the traffic logs and UTM logs that show denied access to the Ubuntu site.
You can also debug the traffic for extra information:
diag debug flow filter addr x.x.x.x (your client's IP)
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 200
diag debug enable
