Interesting. Please let us know if this was the cause of the issue.

I am real confused about that error. Today i got that there is a timeout for do a website rating no server is answering. I wonder if its just cause i did the update at the weekend that my services need be registered again. If there is a general problem i would expect that more people complaining and that maybe some write here. I tested the default webfilter but there was no message sure cause there is all allowed. I also tried to create a complete new webfilter but that also not worked. I also not understand why its not possible to do execute commands in the cli. Maybe something went wrong during the update. But lets see what the support says on monday.

 

BR

Marco

Any update that you can provide?

SecurityPlus wrote:
Any update that you can provide?

Hello, yes the Problem is solved but not with help of fortigate Support at the Moment my ticket is escalated to the next Level. So what happen was that after the upgrade from 5.4.9 to 5.6.5 the web filtering port changed from 53 to 8888. I opened this port in our Internet Firewall and immediately the connection to the fortigate servers was working. the box registered the services and web filter started working again.

 

I double checked the logging and it was really an automatic change that the box did after the update. Maybe I should have more early the idea to check this part but I was sure I not changed nothing so I expected all work like before.

 

BR

Marco

 

I noticed this as well when moving to 5.6.5.  It wasn't mentioned in the release notes, but it is mentioned in the "Ports and Protocols" document: https://docs.fortinet.com/uploaded/files/3606/fortinet-communication-ports-and-protocols-56.pdf as having changed in 5.6.3.

 

Just to confirm, it was another firewall that was blocking 8888, not the FortiGate itself?

Yes it was another firewall. We use the fortigate cluster as layer 2 firewall for Application Filter,Webfilter and IDP. The connect to the Fortigate Server is done with the MGMT Interface. This is connected to another firewall where we just allowed special ports that are needed.

 

BR

Marco

 

marco_d wrote:

So what happen was that after the upgrade from 5.4.9 to 5.6.5 the web filtering port changed from 53 to 8888. 

 

 

We also experienced this and reported it to Fortinet as a bug, which was acknowledged.  I requested it be included in the release notes as a warning to others but have not checked if the latest notes includes it.

 

In our case we changed the port back to 53 and Fortiguard could be contacted again.

 

Jonathan

FYI, they never included it in the release notes.  Feel free to reopen your ticket!  ;)