Web Filter blocking site, even though set to Allow

Zunk · ‎10-06-2021

[ul]

FortiGate 50E, v6.2.9 build1234 (GA)[/ul]

Web Filter is blocking random sites,

even though set to Allow every category.

I'm testing with sourceforge.net

[ul]

After turning on SSL Inspection, certificate was added to browser and OS.

With Web Filter OFF & SSL Deep Inspection ON, I can access sourceforge.

With Web Filter ON & SSL Deep Inspection ON, I cannot access sourceforge, browser complains "connection reset" (and cannot access other random sites), yet most other sites remain available.

Web Filter has been set to Allow every category & uncatagorized.

(Same behavior using "Monitor-all" filter)[/ul]

wget / Web Filter OFF - sourceforge.net - success

wget sourceforge.net
--2021-10-06 15:45:30-- http://sourceforge.net/
Resolving sourceforge.net (sourceforge.net)... 204.68.111.105
Connecting to sourceforge.net (sourceforge.net)|204.68.111.105|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://sourceforge.net/ [following]
--2021-10-06 15:45:30-- https://sourceforge.net/
Connecting to sourceforge.net (sourceforge.net)|204.68.111.105|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 151676 (148K) [text/html]
Saving to: ‘index.html.2’

wget / Web Filter ON (set to Allow everything) - sourceforge.net - failure

wget sourceforge.net
URL transformed to HTTPS due to an HSTS policy
--2021-10-06 16:01:54-- https://sourceforge.net/
Resolving sourceforge.net (sourceforge.net)... 204.68.111.105
Connecting to sourceforge.net (sourceforge.net)|204.68.111.105|:443... connected.
GnuTLS: Error in the pull function.
Unable to establish SSL connection.

Why can't wget (or browsers) establish an SSL connection for random sites with Web Filter ON?

Any ideas?

What should I try next?

Toshi_Esumi · ‎10-06-2021

At least sourceforge.net is the Let's Encrypt cert expiration issue started on Oct. 1. https://forum.fortinet.com/tm.aspx?tree=true&m=199237&mpage=1