Home

Why FortiGuard Web Filter is Blocking Nothing? How to Fix It

This article outlines essential guidelines and procedures to consider when initiating the troubleshooting process and addressing some of the most prevalent FortiGuard problems.

FortiGuard Web Filtering is a powerful tool designed to help organizations manage internet access and protect users from harmful content. However, there are instances where it may appear that the web filter is not blocking any sites as intended. Here’s a step-by-step guide to diagnose and resolve the issue.

1. Verify Subscription Status

Ensure that your FortiGate device has an active FortiGuard subscription for web filtering. If the subscription has expired, the web filtering service will cease to function properly.

  • Action: Check your contract status under System > FortiGuard > Filtering Services Availability. Ensure that both web filter and antispam services show as available.

2. Check Service Configuration

Confirm that the web filtering service is enabled on your FortiGate device.

  • Action: Use the CLI command:
    diagnose debug rating
    Look for output indicating whether the web filter service is enabled or disabled. If it shows “Service: Web-filter Status: Disable,” you need to enable it.

3. Firewall Policy Settings

Ensure that at least one firewall policy includes a web filter profile.

  • Action: Navigate to Policy & Objects > Firewall Policy and verify that a policy exists with a web filter profile applied. If none exists, create one and apply the necessary settings.

4. SSL Inspection Configuration

If SSL inspection is not configured correctly, HTTPS traffic may bypass filtering.

  • Action: Go to Security Profiles > SSL/SSH Inspection and ensure that an appropriate SSL inspection profile is applied in your firewall policy. This allows FortiGate to inspect encrypted traffic effectively.

5. DNS Configuration

Improper DNS settings can lead to issues with domain resolution, affecting web filtering functionality.

  • Action: Ensure your DNS settings point to valid DNS servers (e.g., FortiGuard servers). You can configure this under Network > DNS Servers by enabling the DNS service on your internal interface and selecting FortiGuard servers if needed.

6. Review Logs for Errors

Check logs for any error messages related to web filtering or connectivity issues with FortiGuard servers.

  • Action: Navigate to Log & Report > Forward Traffic and look for entries indicating blocked sites or errors like “no rating service found.” This can provide insight into what might be going wrong.

7. Test Connectivity

Verify that your FortiGate can reach the internet and resolve domain names correctly.

  • Action: Use commands like:
    exec ping google.com exec ping service.fortiguard.net
    Successful pings indicate proper connectivity; failures may suggest routing or DNS issues needing resolution.

8. Update Firmware

Sometimes, bugs in older firmware versions can cause unexpected behavior in features like web filtering.

  • Action: Check for firmware updates under System > Firmware and consider upgrading if you are running an outdated version known for bugs related to web filtering functionalities.

9. Reconfigure or Reset Settings

If all else fails, consider reconfiguring your settings or resetting them back to default values before reapplying configurations carefully.

  • Action: Backup current configurations, then reset relevant sections of your configuration related to FortiGuard services and reapply them step by step while monitoring functionality after each change.

By following these steps systematically, you should be able to identify why FortiGuard Web Filtering appears not to block anything and implement effective solutions accordingly.


Authoritative Sources Used:

  1. Fortinet Documentation

    • Official documentation provides detailed guidance on configuring and troubleshooting Fortinet products.
  2. Fortinet Knowledge Base

    • A repository of articles addressing common issues faced by users of Fortinet products, including troubleshooting steps.
  3. Fortinet Community Forums

    • User-generated discussions where real-world problems are solved collaboratively, offering insights into practical solutions based on user experiences.