User can't access website

ArifS · ‎03-17-2024

One of our user always get error that "URL blocked by Forticlient" and he has to refresh few time to make it working, please details error message screenshot. I already added all the website in exclusion list under web filter, but it still blocks. When he disconnects from telemetry or work offsite, it loads all the website without errors. I am working from the same location and I never had any issue.

Forclient ver. 7.2.2

Forticlient EMS: 7.2.2

ArifS · ‎03-21-2024

I think the issue fixed after i set "Allow websites when rating errors occurs' to Allow. This is option is under Endpoint Profiles - Web Filter.

View solution in original post

ozkanaltas · ‎03-17-2024

Hello @ArifS ,

Are FortiGuard urls/IPs accessible from your office network?

Can you check firewall logs related to problematic clients? Because FortiClient gives an error about the "FortiGuard rating service is inaccessible".

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

ArifS · ‎03-18-2024

How do I check if the Fortiguard urls/ip accessible?

What is the ip address of FortiGuard URLs

In the EMS server log viewer, i only see AD sync logs, so I set the log level to Debug to see if it capture more logs.

ozkanaltas · ‎03-18-2024

You can review this document about FortiGuard addresses. Also, you need to check your configuration. Do you use Anycast or Legacy for webfiltering? You can check this setting in your web filter profile.

https://docs.fortinet.com/document/forticlient/7.2.4/administration-guide/539869

You can check traffic on your FortiGate, whether clients trying to connect these addresses or not.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

ArifS · ‎03-18-2024

I checked URL rating, and it was set to legacy which means it uses usfgd1.fortigate.com server outbound port 8888 for Global. We tried accessing usfgd1.fortigate.com on port 8888 and didnt work but it responded on port 443. So I changed URL rating to Anycast and then tried accessing those webiste and it still blocks. I can't find any useful info in the logs.

ozkanaltas · ‎03-18-2024

Hello @ArifS ,

Can you create a policy on your firewall with internet service (Fortinet-FortiGuard)? After that can you try to access the related website from a client?

Also, can you review the traffic log in in "forward traffic" area?

For example like that.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

ArifS · ‎03-19-2024

After changing url rating to Anycast, both unix and mac users can't get to the internet from lan or from home network when using forticlient. it blocks everything. please see the attached screenshot of the mac user's web filter logs. It says that Blocked (Failed to rating). Let me see if I can get our firewall to make changes.

ArifS · ‎03-21-2024

I think the issue fixed after i set "Allow websites when rating errors occurs' to Allow. This is option is under Endpoint Profiles - Web Filter.

ozkanaltas · ‎03-21-2024

This will solve the problem temporarily. If your clients constantly experience this problem, forticlient will allow all websites. Actually the blocks you make will not work.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

ArifS · ‎03-21-2024

Ever since we deployed forticlient, we see website blocked logs under web filter even though website works fine. But when we installed forticlient on unix, it started blocking website for that machine only. By allowing website in case of error communicating with fortiuard rating server, fixed the issue.