- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortiguard Rating Error
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortiguard Rating Error
I' m running a 100D on 5.0.7. Lately I had a machine that was able to make a connection out to a known botnet source because a rating error had occurred. This same IP had been rated as Malicious prior to the connection and even after the connection and was blocked. I considered using the option to block a site when a rating error occurs but looking through my logs I am finding that there are numerous rating errors and I don' t want to block legitimate traffic.
Does anyone have experience with Fortiguard rating errors? I have a good connection at this site and am not having any other issues with Fortiguard services that I am aware of.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A ratings error occurs if the Fortigate can not reach the FortiGuard service and/or the site is is not actually given a FortiGuard rating (though I think you' ll be getting an unknown rating error in that case). Keep in mind that the FortiGuard service works on mostly web traffic -- you will want to look into IPS/App control sensors to block botnet connections. See this thread for a good discussion on blocking botnet connections, at various UTM levels.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dave, thanks for the reply!
I think there is a pretty significant difference between an unrated website and an actual rating error. The problem I' m dealing with here pertains to actual rating errors occurring. I' m seeing this on all different kinds of sites but not on a consistent basis.
I appreciate the feedback on how to block botnet connections but at this point I' m not really looking to take this conversation into that subject. I' m really just concerned with Fortiguard categories and how I can avoid getting rating errors in the future.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the output when you run ' diag debug rating' - are there any dropped packets in the last column?
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes I have plenty of lost packets showing on almost every IP in the list. I' m going to try setting the webfilter-sdns-server-port to 8888 and see if that helps at all.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just curious to know if you are receiving packet lost on connections going out the WAN port? Can you perform a " diag hardware deviceinfo nic <interface name>" and check for any errors reported? (Possible duplex mismatch.)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We get this pretty consistently when the ISP of one of our locations blocks or degrades DNS queries off-network, and our Fortigate is set to use Fortinet' s DNS servers.
In your Fortiguard settings, do you have your webfilter option set to regular 53, or port 8888? We have found switching it to 8888 stops all of our ' Rating Error Occurs' .
EDIT: Sorry, just saw your last post attempting to switch to 8888. I' m curious to see if that solves it for you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dave:
No errors on the interface. I assume that would degrade service to the point where we would have noticed it but you never know.
ShrewLWD:
Thanks for the edit - I have been using 8888 for a few days now.
Here' s my output of " diag debug rating" for today:
-=- Server List (Thu Sep 25 13:26:07 2014) -=-
IP Weight RTT Flags TZ Packets Curr Lost Total Lost
69.195.205.101 10 44 -5 292603 0 922
66.117.56.42 10 78 -5 88467 0 328
64.26.151.36 10 93 -5 35453 0 104
64.26.151.37 10 93 -5 35320 0 103
209.222.147.43 10 57 -5 73235 0 276
209.222.147.36 10 130 -5 83185 0 232
64.26.151.35 10 91 -5 35765 0 101
66.117.56.37 10 57 -5 89184 0 307
69.195.205.102 10 45 -5 357885 0 6916
96.45.33.65 20 71 -8 38471 0 92
96.45.33.64 20 71 -8 36537 0 94
208.91.112.200 20 111 -8 35421 0 222
208.91.112.196 20 115 DI -8 36395 0 1079
208.91.112.198 20 114 D -8 36807 0 1574
80.85.69.40 60 148 0 35335 0 132
80.85.69.41 60 148 0 35333 0 130
80.85.69.37 60 148 0 35341 0 139
80.85.69.38 60 148 0 35357 0 156
62.209.40.72 70 163 1 35390 0 188
62.209.40.73 70 163 1 35424 0 224
62.209.40.74 70 164 1 35478 0 279
121.111.236.179 150 197 9 35463 0 276
121.111.236.180 150 195 9 35358 0 153
69.195.205.103 45 44 F -5 39178 38994 38995
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well a closer look at my logs showed that changing the port to 8888 for fortiguard lookups seems to have cleared up my issue afterall.
Thanks for the suggestions everyone!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is may also be possible to use Security Profiles>Web Filter>Rating Overrides and set up a Custom Category to assign the sites you want to allow in spite of rating error or being "Unrated".
Related Posts
- Fortiguard IoT Vulnerability Service Reporting Windows... 106 Views
- Change forticloud mail account 107 Views
- Web Page Blocked - No UTM... 422 Views
- Error downloading license: Error communicating with... 279 Views
- Fortigate 40F fortiguard-log issue reported 554 Views
Labels
-
FortiGate
6,458 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.