bmcnicholl86
New Contributor II

gstatic.com/generate_204

Hi Everyone.

I have a customer who has a FGT 80E with full UTM features. The main web policy has Web Filtering, IPS, AV and SSL inspection Security Profiles assigned. The end users are reporting that randomly they will get redirected to gstatic.com/generate_204. Looking at the browser history, under gstatic.com/generate_204 it references "Fortinet DNS Service", which made me wonder if it was one of the Security Profiles causing the issue. I removed all profiles from the web rule and the issue still occurred.

I then came across this KB (https://kb.fortinet.com/kb/documentLink.do?externalID=FD36680) regarding QUIC (Quick UDP Internet Connections) and as the customer had reported that the issue was with Google Chrome, I asked them to implement Method 1 from the KB on a machine that was experiencing the issue. Unfortunately this did not resolve the issue.

I have looked at the logs on the FGT and there is nothing there to help me. I am not convinced it's a FGT issue (although the reference to the Fortinet DNS Service is making me doubt myself) so I am hoping that someone here has seen this before? I have also raised a support ticket with Fortinet in the hope this has been seen before.

The FGT is running firmware v6.4.1 build1637 (GA).

Note: I have seen this error message when dealing with CWPs in the past but this is not applicable in this instance.

TIA.

10 REPLIES
lobstercreed
Valued Contributor

I don't think I've seen this before, but you do know 6.4.2 and 6.4.3 have been released, right? I would recommend upgrading to 6.4.3 ASAP.

6.4.1 was crazy buggy and we saw things that didn't make any sense to us. It was such a relief when 6.4.2 came out.

FWIW, we saw strange things that sound *somewhat* like this on proxy mode policies. Flow mode would fix it for us. The issue was the SSL inspection, so we could either turn it completely off (no_inspection profile) or change to flow mode.

bmcnicholl86

lobstercreed wrote:
> I don't think I've seen this before, but you do know 6.4.2 and 6.4.3 have been released, right? I would recommend upgrading to 6.4.3 ASAP.
>
> 6.4.1 was crazy buggy and we saw things that didn't make any sense to us. It was such a relief when 6.4.2 came out.
>
> FWIW, we saw strange things that sound *somewhat* like this on proxy mode policies. Flow mode would fix it for us. The issue was the SSL inspection, so we could either turn it completely off (no_inspection profile) or change to flow mode.

Thanks for this. I realised that going from 6.0.x to 6.4.1 changed the default behaviour of the security profile from flow mode to proxy, meaning that some of the profiles were rendered useless even though they were applied to a flow-based rule (an exclamation mark was displayed beside the profile that was affected). Having read some forums, I was hopeful that switching the profiles to flow based would help but nope. Always conscious of rocking a new FW, hence the reason we haven't upgraded to 6.4.3. You running 6.4.3 currently without issue?

lobstercreed

Yes, I upgraded Friday morning - no issues so far.  If you'd feel better, at least go to 6.4.2.  I was on it since the day after it came out and was never so happy to upgrade.  Had 4 TAC cases open on 6.4.1 for serious issues.

bmcnicholl86

Quick update on this. Upgraded to 6.4.3. Issue seemed to disappear for ~2 weeks then raised its head again.

So randomly, the user would be browsing and get a webpage with "Connect to Network. The network you are using may require you to visit www.gstatic.com". At the same time Outlook will appear with a cert error which is consistent with it detecting connection to a new network. All very strange.

To mitigate this, I have applied a web filter override and applied it to the web filter in use.

Anyone any additional thoughts?

boneyard

which certificate is being presented at such a moment?

i believe www.gstatic.com is used by google products to check if they have internet access. is this on mobile devices or also on wired ones?

bmcnicholl86

The certificate presented is from *.fortinet.com and happens with wired devices across multiple browsers.

boneyard

and no network issues you are aware of?

can you share a screenshot of the certificate? if it comes from the FortiGate itself it might be because it is blocking something on https. although you said it also happens on policies without UTM enabled right? is that still the case?

bmcnicholl86

No network issues. We have noticed an SLA that could be confusing the box but apart from that, nothing.

FranKieSixx
New Contributor

Good morning,

I'm reopening this thread because I'm struggling a lot.

Every time a user tries to access the internet via hotel/airport Wifi, Fortinet shows the "URL Blocked by FortiClient" with these details: "www.gstatic.com/generate_204 is in the category Unknown. FortiClient has been configured to block unrated URLs. This URL was categorized as unrated because the FortiGuard URL rating service is inaccessible."

We have had this issue since forever, starting from firmware v. 6.4 as I remember.

Actual details: FortiGate 200E, v. 7.2.0 build 1157.

Is there a way to finally solve it? It's pretty annoying, especially when people are outside Europe and mobile hotspots are too expensive.
