- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Web Filtering "monitor all" policy causes issues
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Filtering "monitor all" policy causes issues
Hi all,
Through FortiManager I pushed out the default "monitor all" web filtering policy to several small offices running FortiGate 60Ds (v5.2.3).
A few offices were unable to browse, but getting an error saying something about a web rating timeout.
In the policy I then checked off the option "Allow Websites When a Rating Error Occurs" and then pushed the policy again.
This got rid of the error message, but I got complaints that sites were unable to browse or that browsing was extremely slow. I tried the flow-monitor-all policy but this made no difference. As soon as I removed the webfiltering profile from the policy, everything was back to normal.
Note that a lot of the sites that had complaints were remote sites running DSL connections (typically 3Mbps down, 512Kbps up). So I'm thinking that during busy times that the bad connection to FortiGuard to get site ratings is causing delays in loading websites.
Has anyone experienced this behavior before and is there some kind of workaround to avoid it?
Thanks!
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Me since today.
I had everything working then my customer switched to a new connectivity.
Then I started to have a lot of:
"
msg="A rating error occurs",error="rating timeout"
"
The fun thing is that this new connectivity is faster than the previous. I had to disable the web filter and check in some days. I am very angry at the moment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm almost wondering if the problem is your Upload Speed thats causing a Web Rating lookup issue. You can use the FortiManager as a FortiGuard Server as well but if it's remote, then it won't solve your issue unless you have a dedicated connection back to your DC or wherever your FortiManager resides. I wonder if you could setup a traffic policy and setup a guarantee for connections to FortiGuard which may help with your timeout issues as you could prioritize traffic to FortiGuard. I would try this, having worked with smaller connections, this is what I would do to guarantee certain protocols or services have first stab at the connection.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- OSPF redistributed routes filtering 119 Views
- FortiGate6.2 BGP filter 342 Views
- Fortigate and active directory integration 262 Views
- Improve SSL VPN Security / Reduce... 441 Views
- Dynamic Mac Address - Wi-Fi 286 Views
Labels
-
FortiGate
7,096 -
FortiClient
1,399 -
5.2
801 -
5.4
639 -
FortiManager
614 -
FortiAnalyzer
449 -
6.0
416 -
FortiAP
372 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
287 -
FortiMail
275 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
123 -
FortiGuard
115 -
IPsec
105 -
SSL-VPN
100 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
46 -
FortiADC
45 -
Fortivoice
44 -
FortiEDR
43 -
FortiDNS
38 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiAuthenticator
33 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
22 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
Interface
17 -
VDOM
17 -
Routing
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
FortiCASB
12 -
NAT
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
OSPF
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
FortiPAM
5 -
FortiAP profile
5 -
Automation
5 -
trunk
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Port policy
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
3.6
4 -
FortiScan
4 -
Web rating
4 -
Intrusion prevention
4 -
FortiDeceptor
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
DLP sensor
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
Netflow
2 -
FortiInsight
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
DLP Dictionary
2 -
VoIP profile
2 -
DLP profile
2 -
Fabric connector
2 -
Multicast policy
1 -
4.0MR1
1 -
Zone
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1053 | |
| 870 | |
| 521 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.