Ouams_90
New Contributor II

WEBFILTER NOT WORKING

Hello, here I have two WANs: the first is set up for IPsec, the second is to go to the Internet. I have a problem with the web filter: when I put a web filter in a policy via WAN 1 (PPPoE), the web filter works, but when I put it on WAN 2 (manual IP), the web filter blocks everything.

Dhruvin_patel

Greetings!

 

Are you using the same web filter profile, the one used with a policy that has a PPPoE link as its outgoing interface, in a policy where the outgoing interface is wan1?

 

Regards!

Dhruvin Patel
Ouams_90

Thank you for your answer.

Yes, it's the same profile.

Please note that:

static route wan 1: manual
static route wan 2: PPPoE dynamic

administrative distance wan 1 and 2 = 1

wan 1 priority = 1
wan 2 priority = 2

AEK
SuperUser

If I understand your case correctly, it seems the reason is that your clients are reaching the Internet through WAN1, not through WAN2, due to your current default route configuration, because PPPoE by default has priority as the default route.

Bear in mind the best way to manage multiple interfaces is SD-WAN.

You can start here:

https://docs.fortinet.com/document/fortigate/7.2.10/administration-guide/889544/sd-wan-quick-start

In case you don't want to use SD-WAN then you just need to configure your static default route (through WAN2) with a distance = 4 or less.

AEK
Ouams_90
New Contributor II

Thank you for your reply.

Currently, the traffic is just based on wan 1 since it is configured in ippool.

wan 2 is configured for RDP port forwarding.

 

 

dingjerry_FTNT

Hi @Ouams_90 ,

 

1) If the same web filtering profile is working at least with one firewall policy, there should be no configuration issue with the profile;

 

2) Even if your WAN2 interface has no Internet access, it doesn't matter.  The web filtering rating is sent by FGT itself to the FortiGuard servers based on the routing table.

 

So you may provide a screenshot of the block message that users get with traffic via the WAN2 interface.

 

If you have some web filter raw logs for this issue, that would be much better. 

Regards,

Jerry
Ouams_90

Hi @dingjerry_FTNT 

Thank you for your reply.
Here are some screen captures: no access to Internet site, not secure, and a log capture of web filter and SSL inspection.

[Attached screenshots: Capture d'écran 2025-02-13 082548.png, Capture d'écran 2025-02-13 083211.png, Capture d'écran 2025-02-13 083825.png]

dingjerry_FTNT

Hi @Ouams_90 ,

 

Can you double click on one block log message to check the details?  Or if you can save it and provide one RAW log message, that would be great.

Regards,

Jerry
Ouams_90

Hi @dingjerry_FTNT 

thank you for your reply

 

Capture d'écran 2025-02-14 102235.png

Regards,

 

dingjerry_FTNT

Hi @Ouams_90 ,

 

1) "A rating error occurs" 

Please confirm that your FGT has access to the FortiGuard servers:

 

diag debug rating

 

2) Can you share your policy 2 "LAN_TO_INTERNET_FILTRE"?

Regards,

Jerry