We started getting this Web Filter error recently and it's blocking traffic to places like apple.com and microsoft.com. I don't know why Fortiguard servers would be failing to respond now. We had to remove Web filtering due to this error. Any ideas?
Blocked Traffic: http://ocsp.apple.com/
http://ctldl.windowsupdate.com
Errors: Web Filter
Profile Name: Public
Request Type: direct
Direction: outgoing
Error: all Fortiguard servers failed to respond
Message: A rating error occurs
There can be a few reasons, and the one where the FortiGuard servers all failed is the less likely of them. Yes, it happens that people report having issues with them, but usually it passes quite fast.
Start with seeing the output of diag debug rating.
I wrote a post on debugging FortiGuard servers connection, which may be helpful: https://yurisk.info/2021/02/21/failed-to-connect-to-fortiguard-servers-updated/ , and an old but still valid one: https://yurisk.info/2009/06/19/failed-to-connect-to-fortiguard-servers/
Thank you for this link. We were indeed on 6.4 and I just disabled Anycast, following your suggestions.
config system fortiguard
set fortiguard-anycast disable
set protocol udp
set port 8888
set sdns-server-ip 208.91.112.220 <-- IMPORTANT TO ADD THIS OR ANY OTHER FDN SERVER TO PREVENT DOWNTIME!
end
Previously, it was only showing 1 IP in the DI state. Now, it shows a full list of IPs and states other than DI. I'm hopeful that this resolves this issue but I will re-enable the policies and test again.
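One way to check a saved copy of the diag debug rating server list for the symptom described in this thread (a single server, flagged DI) before re-enabling the web filter policies. This is an added example, not code from the posters or from Fortinet; the column layout, the sample rows, and the names parse_server_list and assess are assumptions.

```python
import ipaddress

# Constructed samples of the server list printed by `diag debug rating`.
# The column layout is an assumption and the addresses are documentation
# ranges; nothing here was captured from a real FortiGate.
BEFORE = """\
IP              Weight  RTT  Flags  TZ  Packets  Curr Lost  Total Lost
192.0.2.10      0       48   DI     0   312      9          140
"""
AFTER = """\
IP              Weight  RTT  Flags  TZ  Packets  Curr Lost  Total Lost
192.0.2.10      0       48   DI     0   640      0          140
192.0.2.11      10      52          0   75       0          0
198.51.100.7    20      91   T      0   12       0          0
"""

def parse_server_list(text):
    """Return one dict per server row; the Flags column may be blank."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) not in (7, 8):
            continue  # header, banner or unrelated line
        flags = fields[3] if len(fields) == 8 else ""
        try:
            ipaddress.ip_address(fields[0])
            weight, rtt = int(fields[1]), int(fields[2])
            tz, packets, curr_lost, total_lost = map(int, fields[-4:])
        except ValueError:
            continue  # first column is not an IP, or a counter is not numeric
        servers.append({"ip": fields[0], "weight": weight, "rtt": rtt,
                        "flags": flags, "tz": tz, "packets": packets,
                        "curr_lost": curr_lost, "total_lost": total_lost})
    return servers

def assess(servers):
    """Classify the list using the symptom reported in the thread."""
    if not servers:
        return "no-servers"
    if len(servers) == 1 and servers[0]["flags"] == "DI":
        return "single-DI-server"
    return "multiple-servers"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        rows = parse_server_list(text)
        print(label, assess(rows), [(r["ip"], r["flags"]) for r in rows])
```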