Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
menatwork
New Contributor II

[SOLVED-BUG] FortiEMS/Forticlient - massive Webfilter issues for month (not yet solved by support)

Hi folks,

this is no criticism to Fortinetsupport, but I am very interested whether you guys @the forum are having the same issues with Forticlient EMS and the webfilter.

 

I have a open ticket running since June 2022 and did numerous tests, debuglogs, new installs, adapt the installation etc.

 

Situation:

  • Forticlient EMS at Server 2019
  • Sitting in the DMZ
  • Reachable via FQDN from the internet
  • Reachable from internal LAN via FQDN
  • The Forticlient correctly triggers Online-onfabric / Online-off-fabric rules (e.g. I can see that the webfilter is enabled when going off-fabric
  • and here comes the problem:
    • No matter what I do, the webfilter itself is not working properly
    • If I go from onfabric to off-fabric, the webfilter is enabled, BUT
    • it is not filtering anything
    • Sometimes - if I stay off-fabric with the device (e.g with smartphone-hotspot) the webfilter does its job in blocking XXX  sites for example
    • As soon as I start switching networks (off-fabric / on-fabric / off-fabric) the webfilter stops blocking (but being still correctly activated). Sometimes it starts to work after about 10 minutes
    • I tried  it with browser add-ons and without them (Forticlient-addon)

So you absolutly cannot rely on this part of Forticlient, which makes it some kind of insecure!

 

Does no one of you have this troubles? I cannot believe that I am the only one with this situation. Does you Forticlient-Webfilter work (does it block sites when going from on- to off-fabric?)

 

Some feedback woud be great!

Thanks a lot!

 

7 REPLIES 7
Anthony_E
Community Manager
Community Manager

Hello menatwork,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
menatwork
New Contributor II

Hi,

as no one replied it seems like no one have got this issues, or cannot replicate it? Really interesting....

Anthony_E
Community Manager
Community Manager

Hello,

 

I will try to find a FortiClient expert for you, like the other post.

 

Regards,

Anthony-Fortinet Community Team.
btan
Staff
Staff

Hi menatwork,

 

In my personal experience, web filter works reliably (in lab environment). If you have a ticket opened, usually TAC support can assist to check how & why it is not working in your environment. 
I see you have very detailed steps to reproduce, if somehow your case engineer already done checking all from FCT Diagnostic Result but no avail, may I suggest either below:

1. Join one of our lab PC to your EMS to reproduce & investigate the issue
2. Join one of your test machine to our lab EMS with your endpoint profile to reproduce & investigate the issue
This may help narrow down the root cause.

Regards,
Bon
menatwork
New Contributor II

Hi and thanks for your answers!

 

@btan 

 

How can we realize  the point you mentioned -- Number 1: Join one of our lab PC to your EMS to reproduce & investigate the issue

btan

You may open a ticket with us, and suggest this to your case engineer.

Regards,
Bon
menatwork
New Contributor II

So after about 6 month of investigation with TAC, it boiled down to a bug, which will be fixed in 7.2.0 version of Forticlient.

 

I am really wondering that no one of you have got this issue....

Top Kudoed Authors