Hot!Web Filter is blocking sites like the BBC

Bronze Member
  • Total Posts : 31
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/08/25 02:13:21
  • Status: offline
2018/01/15 03:20:00 (permalink)

Web Filter is blocking sites like the BBC

Ive just setup a Fortigate 60E with the latest firmware and its blocking sites like the BBC, Ive set the web filter to block Potentially Liable, Adult/Mature Content & Security risk. Not sure why sites like this are getting blocked?
It does come up with an SSL first then i click proceed anyway. Is it something to do with the SSL certificate as when i click "Allow websites when a rating error occurs" it works fine it just shows theres no SSL certificate in the corner which the BBC normally has.
Ive read documentation and seems like ive setup correctly can anyone advise please?
Itzik Sharon
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/08/06 22:17:05
  • Status: offline
Re: Web Filter is blocking sites like the BBC 2018/01/21 10:16:17 (permalink)
Go to: 
and put your URL for checking the category. after that is done you can block / permit the policy accordingly. 
Itzik Sharon 
Gold Member
  • Total Posts : 249
  • Scores: 8
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: Web Filter is blocking sites like the BBC 2018/01/23 07:52:37 (permalink)
you say it works when you enable "Allow websites when a rating error occurs". This points me to your webfilter. You should check if you have a valid license for webfilter on your FGT and you should also check if it has connectivity to the FortiGuard(tm) Servers. If either of those two is not fullfilled you will not be able to check the rating of your website which results in blocking it excecpt if you enable the option above.
The SSL may be due to your security profiles too. You might have enabled SSL (deep) Inspection. If so your FGT will catch a https connection and hand it over to your pc using its own (self signed) certificate which will result in what you get. The FGT will then be "man in the middle" to be able to inspect the data that goes over this connection. 
This can only be avoided by either install the Fortinet CAs used to sign that cert or buy some cert from a CA that is accepted by the browsers and install that onto the FGT.
Jump to:
© 2019 APG vNext Commercial Version 5.5