FortiGate Web Filter Error: All FortiGuard servers failed to respond.

Author
Andrew@TheLinkSource.com
2021/03/28 09:08:22 6.4


We started getting this Web Filter error recently and it's blocking traffic to places like apple.com and microsoft.com. I don't know why FortiGuard servers would be failing to respond now. We had to remove Web filtering due to this error. Any ideas?
 
Blocked Traffic:
http://ocsp.apple.com/
http://crl3.digicert.com
http://ctldl.windowsupdate.com
 
Errors:
Web Filter
Profile Name: Public
Request Type: direct
Direction: outgoing
Error: all Fortiguard servers failed to respond
Message: A rating error occurs


#1


    Yurisk
    Re: FortiGate Web Filter Error: All FortiGuard servers failed to respond. 2021/03/28 10:28:52
    There can be a few reasons, the one that FortiGuard servers all failed being the least likely of them. Yes, it happens that people report having issues with them, but usually it passes quite fast.
    Start with seeing the output of diag debug rating
    I wrote a post on debugging FortiGuard servers connection, may be helpful: https://yurisk.info/2021/02/21/failed-to-connect-to-fortiguard-servers-updated/ , and an old but still valid one: https://yurisk.info/2009/06/19/failed-to-connect-to-fortiguard-servers/
     
    #2
    Andrew@TheLinkSource.com
    Re: FortiGate Web Filter Error: All FortiGuard servers failed to respond. 2021/03/28 10:52:46
    Thank you for this link. We were indeed on 6.4 and I just disabled Anycast, following your suggestions.
     
    config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 8888
    set sdns-server-ip 208.91.112.220 <-- IMPORTANT TO ADD THIS OR ANY OTHER FDN SERVER TO PREVENT DOWNTIME!
    end

    Previously, it was only showing 1 IP in the DI state. Now, it shows a full list of IPs and states other than DI. I'm hopeful that this resolves this issue but I will re-enable the policies and test again.

    #3