Hot!Sites being blocked since upgrading to FortiOS 6

Author
rg2017
New Member
  • Total Posts : 9
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/08/02 07:28:21
  • Status: offline
2018/05/04 08:45:45 (permalink)
0

Sites being blocked since upgrading to FortiOS 6

Hello,
We've upgraded to FortiOS 6 on 4/27. We are seeing a strange bug where random sites will be blocked. The FortiGate will present a FortiGuard web filter block screen with no category. I found the following message in the web filter logs for each of the blocked sites. I haven't configured any URL filter lists; especially ones that include blocking of our major customers' sites. 
 

 
I did find that refreshing the screen would load the site. I'm assuming this is a bug. I've submitted a ticket to FortiNet and they are "researching" the problem.
 
Has anyone else seen this problem with release 6?
 
Thanks,
Rod
#1

10 Replies Related Threads

    rg2017
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/08/02 07:28:21
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 08:48:45 (permalink)
    0
    Here's one I've just seen when attempting to check the status of an open ticket.
     

    #2
    emnoc
    Expert Member
    • Total Posts : 4785
    • Scores: 290
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 09:24:47 (permalink)
    0
    cli-cmd diag debug flow  is your friend but the error in the 1st post should make it clear as to why your blocked
     
    Ken
     

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #3
    rg2017
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/08/02 07:28:21
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 10:07:33 (permalink)
    0
    Thank you, Ken. However, I'm not seeing what you mentioned in the 1st post. It says it was blocked because it's in a URL filter list, which these sites are not.
    #4
    emnoc
    Expert Member
    • Total Posts : 4785
    • Scores: 290
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 10:17:28 (permalink)
    0
    cli-cmd diag debug flow, maybe you have a URL filter profile in a policy and the site matches it  { AdminUsers } ???
     
    Ken
     

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #5
    rg2017
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/08/02 07:28:21
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 10:20:38 (permalink)
    0
    The sites being blocked are random. There is absolutely no URL filter in that policy, nor any other policy. I haven't used that feature. I especially wouldn't create a URL filter that blocks access to our customer portals. The second post also shows that Fortinet's support site was blocked as well. 
     
    I'm sorry, I'm new to Fortinet and don't know what do to run diag debug flow. I mean I can run the command, but the sites being blocked are random and at random times. 
    #6
    rg2017
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/08/02 07:28:21
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 10:36:04 (permalink)
    0

    #7
    emnoc
    Expert Member
    • Total Posts : 4785
    • Scores: 290
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/04 12:22:36 (permalink)
    0
    cli-cmd
     
    diag debug reset
     
    diag debug flow  addr  96.45.36.97
    diag debug  show console enable
    diag debug enable
     
    diag debug flow trace start 10
     
    Now point the client at that site and review the output

    PCNSE6,PCNSE7, ACE, CCNP,FCNSP,FCESP,Linux+,CEH,ECSA,SCSA,SCNA,CISCA email/web
    #8
    rg2017
    New Member
    • Total Posts : 9
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/08/02 07:28:21
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/07 07:19:38 (permalink)
    0
    Thank you very much. I'll run the debugs today and see what I find. 
    #9
    systeembeheer@ultimo.com
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/05/11 02:13:40
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/11 02:17:53 (permalink)
    0
    Hello,
     
    i have the same problem's.
    Random error's at URL Filtering. If you press F5 the page load's perfect.
    It is very random. It's showing catagories wich are not blocked.
     
    I think it's a bug in OS 6.0
     
     
    #10
    tymk
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/05/16 05:43:23
    • Status: offline
    Re: Sites being blocked since upgrading to FortiOS 6 2018/05/16 05:46:11 (permalink)
    0
    Hi,
     
    yes we have the same problem. Reloading the page helps. But sites get blocked randomly in the first place.
    We had de deactivate web filtering.
    The problem occurred after upgrading to FortiOS 6.0
    #11
    Jump to:
    © 2018 APG vNext Commercial Version 5.5