Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sw2090
SuperUser
SuperUser

rating overrides broken again in 6.2.5

Hiho,

 

I just started upgrading our FGTs to 6.2.5 and I ran into that issue:

 

my rating overrides that were working correctly up to 6.2.4 at least partly are beeing ignored. Oven workarounding by supplying an url filter entry to exempt a page does not help.

Still pages that do have a rating override into an allowed cathegory are blocked.

The only thing that helped was to set the "new" cathegory to "monitor" instead of "allow". Then Sites work correctly again.

This seems to be an old issue since execatly this symptopms and behavior plus workaround already occured in v5.4.2 .

Looks like Forinet have brought an old bug into the game again :\

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
9 REPLIES 9
Marher
New Contributor

the same problem is correct I have in fortigate 500E With the filtering that I currently have, I think I will rollback my version and return to 6.2.4 

sw2090

I have opened a ticket with TAC on that. We'll see what they say.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Marher
New Contributor

I also already raised the case, I keep you informed when you answer me or what answer you give me

Regards.!

sw2090

would you mind handing me your case-id? I'd refer to it in my ticket then so TAC maybe could coordinate better.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
BastianU

Hello, try to change the action from allow to monitor

 

best regards...

sw2090

yeah thar's what I did as a workaround. Alas to me that's a workaround but not a solution.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090

Accoarding to TAC in now two cases this is wanted behaviour in v6.2.5 and 6.4. However Fortinet did not at all mention this change in behaviour in the release notes of at least 6.2.5...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Marher
New Contributor

Sure without problems my ticket is the following # 4457001 but I was doing some tests on your web filtering you have SSL deep inspection activated ?

sw2090

not currently as I encountered some issue with rolling out the deep inspection profiles in FortiManager.

But I wll reactivate it once those are solved.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors