“This site can’t be reached” message displayed instead of web filter blocked message | FortiGate Firewall KB


FortiGate 2000E Firmware version: v6.0.2 build0163 (GA)

Forti Endpoint Management Server: 6.0.4 build 0158

Forti Client Version: 6.0.4

Symptoms

  • When an HTTPS site is blocked, the browser shows only the conventional “This page can’t be shown” or “This page can’t display” message.
  • The web site request does not validate the FortiGate certificate on the logged-on machine.

Cause

  • A user requests an HTTPS web site while a web filter and an application filter are assigned to the user address or AD user. The logs on FortiAnalyzer or on the FortiGate device show that the application filter blocked the HTTPS web application in the browser. This happens when application control is applied to the Internet policy.
  • When NAT mode is set to proxy and the application filter profile is flow-based, HTTPS requests fail with an error like “This page can’t be reached”.
  • The IPS signature version is outdated.
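
The log check described under Cause, as an added example that is not part of the original post: a short Python triage that groups blocked HTTPS requests by the UTM engine that logged them. The sample lines are constructed, and the field names (subtype, action, service, applist, profile, hostname) are assumed to follow FortiGate's key=value UTM log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value log style (not taken from the page).
SAMPLE_LOGS = '''\
date=2019-01-10 time=10:01:02 type="utm" subtype="app-ctrl" srcip=10.0.0.15 dstport=443 service="HTTPS" applist="Test application profile" app="Example.App" action="block" hostname="blocked.example.com"
date=2019-01-10 time=10:01:05 type="utm" subtype="webfilter" srcip=10.0.0.15 dstport=443 service="HTTPS" profile="default" action="blocked" hostname="news.example.org"
date=2019-01-10 time=10:02:11 type="utm" subtype="app-ctrl" srcip=10.0.0.22 dstport=80 service="HTTP" applist="Test application profile" app="Example.App" action="block" hostname="blocked.example.com"
date=2019-01-10 time=10:03:40 type="utm" subtype="app-ctrl" srcip=10.0.0.15 dstport=443 service="HTTPS" applist="Test application profile" app="Example.App" action="pass" hostname="ok.example.net"
'''

# key=value pairs; values are either "quoted strings" or bare tokens.
PAIR_RE = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')
BLOCK_ACTIONS = {"block", "blocked"}  # assumed action values for app-ctrl / webfilter


def parse_line(line):
    """Return one log line as a dict of field -> value."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in PAIR_RE.findall(line)}


def https_blocks_by_engine(log_text):
    """Group blocked HTTPS requests by the UTM engine (log subtype) that blocked them."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "utm" or rec.get("action") not in BLOCK_ACTIONS:
            continue
        if rec.get("service") != "HTTPS" and rec.get("dstport") != "443":
            continue
        profile = rec.get("applist") or rec.get("profile", "")
        hit = (rec.get("srcip", "-"), rec.get("hostname", "-"), profile)
        result[rec.get("subtype", "unknown")].append(hit)
    return dict(result)


def needs_app_replacemsg(log_text):
    """Application profiles that blocked HTTPS traffic: candidates for the app-replacemsg setting."""
    return sorted({p for _, _, p in https_blocks_by_engine(log_text).get("app-ctrl", [])})


if __name__ == "__main__":
    for engine, hits in https_blocks_by_engine(SAMPLE_LOGS).items():
        for srcip, host, profile in hits:
            print(f"{engine:10} {srcip:12} {host:22} profile={profile}")
```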

Solution

  • If proxy mode is enabled on NAT, change it to flow-based.
  • Remove application control from the user policy on the FortiGate.
  • Upgrade the IPS signature version on the FortiGate.
  • Configure the commands below on the web filter profile:

        config application list
            edit "Test application profile"
                set app-replacemsg enable
            next
        end