New user of Fortigate hardware here, so we are just trying to set this thing up right now. Have it attached to a standalone workstation with no web access (because we are going to replace our current gateway/router with this one)
As I said, the web filtering feature is disabled on the firewall, but certain websites are being blocked while others are not.
For example: Amazon.com cannot be reached and the error makes no sense to me.
We will worry about fine level tuning and blocking later. For now, I need to be able to get to ANY website from any PC on our network. Any suggestions?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
How are you testing web filtering, or no web filtering, with "no web access" you mentioned first?
I have it configured to replace our current gateway/router, but I can only connect it to the network temporarily (replacing the existing one) for testing since it is NOT the gateway yet. When I plug it in, I go to my workstation and test connectivity. Email works, RDP works and many websites open with no issue. However Amazon and Facebook (for example) do not. I can't tell the exact error I get right now because I can't do the swap during the middle of the day.
Hopefully after 2pm I can try again and I will get the actual error.
Enveloc wrote:
...For example: Amazon.com cannot be reached and the error makes no sense to me...
For starters, what is the error message?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
I get one error in Chrome and a different one in MS Edge. I would post screen shots but apparently that is not supported here, you can only post URLs for pictures from the web.
Anyway, Edge says:
This site is not secure This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately. Go to your Start page Details Your PC doesn’t trust this website’s security certificate.Error Code: DLG_FLAGS_INVALID_CABecause this site uses HTTP Strict Transport Security, you can’t continue to this site at this time.
Chrome says: An application is stopping Chrome from safely connecting to this site.
"Fortinet" wasn't installed properly on your computer or the network
Try uninstalling or disabling "fortinet"
Try connecting to another network
NET::ERR_CERT_AUTHORITY_INVALID
Then, under "advanced," it says: "Fortinet" isn't configured correctly. Uninstalling "fortinet" usually fixes the problem.
Applications that can cause this error include Anti-virus, Firewall and web-filtering or proxy software.
I have not installed ANY software along with this firewall and do not have "Fortinet" installed or otherwise present to my knowledge. And this would make no sense if other websites display with no issues.
The error means the same - your browser doesn't trust the CA which signed the ssl certificate. The first thing you should check is what is the issuer of the presented certificate. In chrome and all browsers is similar, simply click the padlock in the address bar, look for certificate "issuer".
If you see Fortinet as issuer, that means fortigate is re-signing the certificate and acts as man-in-the-middle. May be you have deep-inspection profile applied or fortigate is trying to re-direct you to authentication page or deliver some replacement message which requires traffic decryption, there might be many reasons depends on your configuration.
Created on 06-02-2024 11:24 PM Edited on 06-02-2024 11:26 PM
is there another way except adding the certificate at Chrome to solve the issue?
I have many devices and don`t want to add the certificate on Chrome one by one for all devices
Forgot to mention this is a 60E.
Hi Try to lower your wan interface mtu (1462) especially if you are using PPPoE or xDSL connection
and disable full ssl inspection if it is enabled.
Best Regards pyy
Typically webfilter would not allow traffic through by default if the license had expired on it. You can verify the license using "get webfilter status".Even though ICMP allowed web traffic may not allowed.
You can try turning off all UTM features so Fortinet will operate without nextGen features.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.