- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Web Filter
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Filter
Hello,
I have complain from user that they have application but not running, after i do investigation by remove web filtering from the policy the application is running.
Then i make a new web filter and set all categories to 'enable' and apply to the policy, and unfortunately the application didn't work anymore, then i remove again this web filter from the policy and the application running back.
So here i want to know if there any difference between we set all categories on the web filter to enable then apply to the policy with no web filter on the policy?
Labels:
- Labels:
-
FortiGate
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I would recommend to check web-filter logs and rating errors. Moreover, I would like to ask what action is set for web-filter category.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-Page-Blocked-An-error-occurred-while-t... (rating error)
FortiGate
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
'Allow Websites When a Rating Error Occurs' not helping, the app still not work
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @HS08
As I understand that once you are removing security profiles from the firewall policy, the application is opening.
+ Kindly navigate to Logs&Reports>>Filter it by the source IP>>and check the action, wherein you will see the reason of the application getting blocked.
+ If you are aware of application fqdn, kindly please follow below steps.
+ Please navigate to Security profiles>Web rating overrides>type the URL and do a lookup for the rating and check the application is falling under which category.
+ Once you will identify the category, make sure that category is being allowed from the application control profile.
+ Moreover, please navigate to Logs&Rports>>Security events>>Application Control>>Filter it by the IP and check the relevant logs for the application getting blocked.
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
As i already mention, I already create a new web filter with all categories set to 'Allow' but the app still can't work except the are no web filter on the policy.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi HS08,
From the below statement, I understand you are speaking about enabling the Fortiguard categories in webfilter profile:
So here i want to know if there any difference between we set all categories on the web filter to enable then apply to the policy with no web filter on the policy?
>> When you enable the Fortiguard Categories in the Webfilter and called the webfilter profile in the policy, firewall before allowing your website traffic, first it verifies the category of the website with Fortiguard and then takes the action based on the category action you defined in the webfilter.
>> When you do not call any webfilter profile in the policy, firewall doesn't do the above mentioned process, but just allows the traffic.
Now in your sceanrio, you are not able to access the web application when enabling the webfilter profile in the policy. For this, we need to check what is the category of the website, and then you may allow the category, of whitelist it by configuring a URL filter.
>> https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...
you may follow the above and configure the URL which your client is using to access the web application, and set the action as exempt, and test.
NOTE: Let us know if we misunderstood the statement.
Thank you!
Thallapelly Thrilok.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello HS08,
Firstly can you let me know which application the access is not working (Application Name)?
As you mentioned even after allowing all the categories the application is blocking it seems unexpected as everything is allowed, the only possibility I can think of is the web rating not working correctly.
To verify it can you confirm this issue is happening with the specific application? are you able to access other sites without any issues? Also, the web filter should not cause issues with the application as it verifies the traffic based on FQDN.
Can you share the output of the policy, web filter, and SSL/ssh profile configured for the application access.
show firewall policy <id>
show webfilter profile
show webfilter urlfilter
show firewall ssl-ssh-profile
diag debug rating
Regards,
Vishal
Vishal
Related Posts
- Automatically Ban Malicious Inbound IPs using... 46 Views
- FortiOS 7.2.8 WAF Event ID not... 147 Views
- Combine Tables In Datasets 49 Views
- DNS filter 97 Views
- Fortimail Cloud - list of email... 89 Views
Labels
-
FortiGate
6,450 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.